
7 matches found

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6439

Impact: If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVSS 6.3 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 9
The Hacker News
added 2024/07/17 5:50 a.m. | 22 views

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach...

AI score 7.2
Exploits: 0
Hacker One
added 2020/09/15 3:13 a.m. | 53 views

Basecamp: HEY.com email stored XSS

An attacker can bypass the HEY.com HTML sanitizer and inject arbitrary unsafe HTML in emails. To reproduce the bug you have to send raw HTML-formatted email. You can do it e.g. with the Sendmail tool on Linux. Example email: plain From: [email protected] To: [email protected] Subject: HackerOne test...

Exploits: 0
0day.today
added 2018/09/28 12:0 a.m. | 111 views

WebKit - WebCore::SVGTRefElement::updateReferencedText Use-After-Free Exploit

Exploit for multiple platform in category dos / poc function freememory forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69919==ERROR: AddressSanitizer: heap-use-after-free on address...

AI score 8.3 | EPSS 0.20038
Exploits: 2
Packet Storm
added 2017/04/09 12:0 a.m. | 52 views

Apple WebKit disconnectSubframes UXSS

Apple WebKit: UXSS via disconnectSubframes (CVE-2017-2445). When an element is removed from a document, the function |disconnectSubframes| is called to detach its subframes (iframe tag, object tag, etc.). Here is a snippet of |disconnectSubframes|. void disconnectSubframesContainerNode& root,...

CVSS 4.3 | EPSS 0.01127
Exploits: 3
Exploit DB
added 2017/04/04 12:0 a.m. | 51 views

Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting

frameOwners; if policy == RootAndDescendants if isroot frameOwners.appenddowncastroot; collectFrameOwnersframeOwners, root; // Must disable frame loading in the subtree so an unload handler cannot // insert more frames and create loaded frames in detached subtrees. SubframeLoadingDisabler...

AI score 7.4
Exploits: 0
seebug.org
added 2017/04/04 12:0 a.m. | 32 views

Apple WebKit: UXSS via disconnectSubframes (CVE-2017-2445)

When an element is removed from a document, the function |disconnectSubframes| is called to detach its subframes (iframe tag, object tag, etc.). Here is a snippet of |disconnectSubframes|. void disconnectSubframesContainerNode& root, SubframeDisconnectPolicy policy ... Vector frameOwners; if policy ...

CVSS 4.3 | AI score 7.4 | EPSS 0.01127
Exploits: 3