CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

OSV•added 2025/01/29 9:15 a.m.•6 views

CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...

9.8CVSS6.8AI score

Exploits0References4

SUSE CVE•added 2024/09/28 2:54 a.m.•1 views

SUSE CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

6.5CVSS6.9AI score0.00595EPSS

Exploits0References14

Vulnrichment•added 2024/09/16 11:23 p.m.•19 views

CVE-2024-44187

6.8AI score0.00595EPSS

Exploits0References6

NVD•added 2024/02/09 9:15 a.m.•9 views

CVE-2024-25677

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document...

8.8CVSS8.5AI score0.00098EPSS

Exploits0References1

OSV•added 2024/02/09 9:15 a.m.•2 views

CVE-2024-25677

8.8CVSS6.7AI score

Exploits0References1

SUSE CVE•added 2023/02/15 4:3 a.m.•1 views

SUSE CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

8.1CVSS6.3AI score0.00055EPSS

Exploits0References7

RedHat Linux•added 2021/11/09 6:30 p.m.•3 views

webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1CVSS6.2AI score0.0061EPSS

Exploits0References5

Tenable Nessus•added 2020/11/30 12:0 a.m.•158 views

CentOS 7 : webkitgtk4 (RHSA-2020:4035)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH,...

9.8CVSS7.7AI score0.45572EPSS

Exploits21References105

RedHat Linux•added 2020/11/04 1:21 a.m.•3 views

webkitgtk: Non-unique security origin for DOM object contexts

7.8CVSS6.7AI score0.00055EPSS

Exploits0References5

OSV•added 2020/10/27 9:15 p.m.•1 views

DEBIAN-CVE-2020-3864

7.8CVSS6.3AI score0.00055EPSS

Exploits0References1

NVD•added 2020/10/27 9:15 p.m.•15 views

CVE-2020-3864

7.8CVSS7.4AI score0.00055EPSS

Exploits0References6

Prion•added 2020/10/27 9:15 p.m.•22 views

Design/Logic Flaw

7.2CVSS7.2AI score0.00055EPSS

Exploits0References6Affected Software9

Cvelist•added 2020/10/27 8:10 p.m.•18 views

CVE-2020-3864

7.5AI score0.00055EPSS

Exploits0References6

Debian CVE•added 2020/10/27 8:10 p.m.•32 views

CVE-2020-3864

7.8CVSS6.3AI score0.00055EPSS

Exploits0

RedHat Linux•added 2020/09/29 8:16 p.m.•4 views

webkitgtk: Non-unique security origin for DOM object contexts

7.8CVSS6.7AI score0.00055EPSS

Exploits0References5

OpenVAS•added 2020/02/19 12:0 a.m.•71 views

Debian: Security Advisory (DSA-4627-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.9AI score0.00472EPSS

Exploits0References4

OSV•added 2020/02/18 2:5 p.m.•6 views

MGASA-2020-0092 Updated webkit2 packages fix security vulnerability

webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service CVE-2020-3862. A DOM object context may not have had a unique security origin CVE-2020-3864. A top-level DOM object context may have incorrect...

9.3CVSS7.7AI score0.00472EPSS

Exploits0References5

Mageia•added 2020/02/18 2:5 p.m.•61 views

Updated webkit2 packages fix security vulnerability

9.3CVSS2.1AI score0.00472EPSS

Exploits0References4

Tenable Nessus•added 2020/02/18 12:0 a.m.•63 views

Debian DSA-4627-1 : webkit2gtk - security update

The following vulnerabilities have been discovered in the webkit2gtk web engine : - CVE-2020-3862 Srikanth Gatta discovered that a malicious website may be able to cause a denial of service. - CVE-2020-3864 Ryan Pickren discovered that a DOM object context may not have had a unique security origi...

9.3CVSS7AI score0.00472EPSS

Exploits0References13

Debian•added 2020/02/17 8:39 p.m.•94 views

[SECURITY] [DSA 4627-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4627-1 [email protected] https://www.debian.org/security/ Alberto Garcia February 17, 2020 https://www.debian.org/security/faq -...

9.3CVSS9AI score0.00472EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by