18 matches found

ATTACKERKB
added 2026/05/27 2:29 p.m. | 9 views

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00312
Exploits 1 | References 2 | Affected software 1

EUVD
added 2026/05/11 5:01 p.m. | 9 views

EUVD-2026-29133

Zen is a Firefox-based browser. Prior to 1.19.12b, the Zen Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely long malicious...

CVSS 4.7 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 1

OSV
added 2026/05/06 11:31 p.m. | 5 views

GHSA-22W3-693W-X895 webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed

Summary: webauthn-rs-core (Relying Party) and webauthn-authenticator-rs (client) checked that an Origin in CollectedClientData is valid for an RP ID with str::ends_with, without checking for a dot (.) before the RP ID when allowing subdomains. This check is flawed,...

CVSS 2.3 | AI score 5.9
Exploits 0 | References 2

Cvelist
added 2026/01/08 1:20 a.m. | 29 views

CVE-2026-21883 Bokeh server applications have Incomplete Origin Validation in WebSockets

Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...

CVSS 7.4 | EPSS 0.00159
Exploits 1 | References 2
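
The webauthn-rs entry above and this Bokeh entry describe the same class of bug from two sides: an origin allowlist compared against the hostname as a plain string, with no respect for label boundaries. The block below is an added example written for this page, not code from either project. The function names are illustrative, the substring variant is an assumption about the Bokeh check drawn from its description (a registered dashboard.corp.attacker.com passes), and the sample origins are constructed.

```python
"""Origin allowlist checks: two boundary-blind string matches beside a label-aware one.

Added example for this page, not code from webauthn-rs or Bokeh. Function names
are illustrative; the sample origins are constructed.
"""
from typing import Iterable, Optional
from urllib.parse import urlsplit


def host_of(origin: str) -> Optional[str]:
    """Lowercased hostname of an origin such as https://A.example:8443, or None.

    Only http(s) origins are accepted here (assumption for the example; WebAuthn
    itself requires a secure context). Malformed input returns None so that
    every caller fails closed.
    """
    try:
        parts = urlsplit(origin)
    except ValueError:
        return None
    if parts.scheme not in ("https", "http") or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def flawed_substring_match(origin: str, allowed: Iterable[str]) -> bool:
    """Allowlist entry matched anywhere in the host (assumed Bokeh-style check).

    `dashboard.corp.attacker.com` contains `dashboard.corp`, so it passes.
    """
    host = host_of(origin)
    return host is not None and any(entry in host for entry in allowed)


def flawed_suffix_match(origin: str, rp_id: str, allow_subdomains: bool) -> bool:
    """Bare ends-with, the pattern the webauthn-rs advisory describes.

    `evildashboard.corp` ends with `dashboard.corp` but is an unrelated domain.
    """
    host = host_of(origin)
    if host is None:
        return False
    return host == rp_id or (allow_subdomains and host.endswith(rp_id))


def is_allowed_origin(origin: str, allowed: Iterable[str], allow_subdomains: bool = False) -> bool:
    """Exact match, or a subdomain match that requires the dot before the entry.

    The leading dot is what makes `login.dashboard.corp` acceptable while
    `evildashboard.corp` and `dashboard.corp.attacker.com` are both rejected.
    """
    host = host_of(origin)
    if host is None:
        return False
    for entry in allowed:
        entry = entry.lower().strip().rstrip(".")
        if not entry:
            continue  # an empty entry would otherwise match every host
        if host == entry:
            return True
        if allow_subdomains and host.endswith("." + entry):
            return True
    return False


if __name__ == "__main__":
    allowed = ["dashboard.corp"]
    for origin in ("https://dashboard.corp", "https://login.dashboard.corp",
                   "https://dashboard.corp.attacker.com", "https://evildashboard.corp"):
        print(f"{origin:40} substring={flawed_substring_match(origin, allowed)!s:5} "
              f"suffix={flawed_suffix_match(origin, 'dashboard.corp', True)!s:5} "
              f"fixed={is_allowed_origin(origin, allowed, True)}")
```

The scheme check in host_of matters as much as the dot: an allowlist that only compares hostnames will accept a plaintext http origin for an https service, which is a separate way to end up talking to an attacker-controlled page.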

Tenable Nessus
added 2025/10/27 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-11720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Firefox and Firefox Focus UI for the Android custom tab feature only showed the site that was loaded, not the full hostname. User supplied content hosted on...

CVSS 8.1 | AI score 5.7 | EPSS 0.00244
Exploits 0 | References 2
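
The Zen entry above and the CVE-2025-11720 entries here are two failures of the same display decision: what to show of a hostname when the whole thing does not fit. Zen kept the attacker-chosen prefix and lost the registrable domain; the Android custom tab showed only the site, so two subdomains of one site looked the same. The block below is an added example written for this page, not code from Zen or Firefox. PUBLIC_SUFFIXES is a constructed stand-in for the Public Suffix List (real code must consult the full list), and the sample hostnames are constructed.

```python
"""Address-bar hostname display: the two truncation policies these entries describe
beside one that always keeps the registrable domain (eTLD+1) on screen.

Added example for this page, not code from Zen or Firefox. PUBLIC_SUFFIXES is a
constructed stand-in for the Public Suffix List (assumption: real code must use
the full list), and the sample hostnames are constructed.
"""
from typing import Optional

# Constructed stand-in for the Public Suffix List; longest matching suffix wins.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "github.io", "corp"}

ELLIPSIS = "\u2026"


def registrable_domain(host: str) -> Optional[str]:
    """eTLD+1 of `host`, or None if the host is itself a public suffix or unknown."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return None if i == 0 else ".".join(labels[i - 1:])
    return None


def show_prefix(host: str, width: int) -> str:
    """Zen-style: keep the leftmost characters, which the attacker chooses."""
    return host if len(host) <= width else host[: width - 1] + ELLIPSIS


def show_site_only(host: str) -> str:
    """Custom-tab style: show only the site, so sibling subdomains look identical."""
    return registrable_domain(host) or host


def show_host(host: str, width: int) -> str:
    """Always show the eTLD+1; add whole leading labels while they fit; mark the cut."""
    if len(host) <= width:
        return host
    site = registrable_domain(host) or host.rsplit(".", 1)[-1]
    n_site = site.count(".") + 1
    shown = site
    for label in reversed(host.split(".")[:-n_site]):
        candidate = label + "." + shown
        if len(candidate) + len(ELLIPSIS) > width:
            break  # never show a partial label; the cut is marked instead
        shown = candidate
    return ELLIPSIS + shown


if __name__ == "__main__":
    # Constructed phishing hostname: the trusted-looking labels are all on the left.
    lure = "login.bank.example.session-verify-9f3a1c.attacker.com"
    print("prefix   :", show_prefix(lure, 24))
    print("site only:", show_site_only(lure))
    print("elided   :", show_host(lure, 24))
```

Right-anchored elision is the policy the Zen case calls for; the custom-tab case shows that site-only display is still too little when different subdomains carry different trust, which is why show_host adds leading labels back whenever they fit.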

SUSE CVE
added 2025/10/16 11:38 p.m. | 3 views

SUSE CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVSS 8.1 | AI score 5.7 | EPSS 0.00244
Exploits 0 | References 3

AlpineLinux
added 2025/10/14 1:15 p.m. | 2 views

CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVSS 8.1 | AI score 6 | EPSS 0.00244
Exploits 0 | References 3

OSV
added 2025/10/14 1:15 p.m. | 4 views

UBUNTU-CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVSS 8.1 | AI score 5.7 | EPSS 0.00244
Exploits 0 | References 6

Cvelist
added 2025/10/14 12:27 p.m. | 7 views

CVE-2025-11720 Spoofing risk in Android custom tabs

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

EPSS 0.00244
Exploits 0 | References 3

ATTACKERKB
added 2025/10/14 12:27 p.m. | 4 views

CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVSS 8.1 | AI score 5.7 | EPSS 0.00244
Exploits 0 | References 4

Vulnrichment
added 2025/10/14 12:27 p.m. | 2 views

CVE-2025-11720 Spoofing risk in Android custom tabs

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

AI score 5.7 | EPSS 0.00244
Exploits 0 | References 3

CVE
added 2025/10/14 12:27 p.m. | 18 views

CVE-2025-11720

Summary of CVE-2025-11720 : The issue affects Mozilla Firefox (including Firefox for Android) where the Custom Tabs UI only shows the base site hostname, not the full hostname. This can enable user deception when content from a subdomain is hosted to resemble content from another subdomain of the...

CVSS 8.1 | AI score 5.7 | EPSS 0.00244
Exploits 0 | References 3 | Affected software 1

RedhatCVE
added 2025/05/22 7:30 p.m. | 9 views

CVE-2021-27231

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...

CVSS 5.5 | AI score 6.7 | EPSS 0.01413
Exploits 1 | References 1

SUSE CVE
added 2023/02/15 4:46 a.m. | 3 views

SUSE CVE-2017-7838

Punycode-format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display, instead of the primary domain being displayed in native script and only the sub-domain displaying as punycode. This could be used for limited...

CVSS 5.3 | AI score 8.3 | EPSS 0.01471
Exploits 0 | References 4

ATTACKERKB
added 2022/04/15 6:15 a.m. | 3 views

CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing t...

CVSS 7.5 | AI score 5.9 | EPSS 0.02192
Exploits 1 | References 5

Prion
added 2021/02/16 4:15 a.m. | 10 views

Design/Logic Flaw

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...

CVSS 5.5 | AI score 5.3 | EPSS 0.01413
Exploits 1 | References 4 | Affected software 1

CVE
added 2021/02/16 3:19 a.m. | 60 views

CVE-2021-27231

CVE-2021-27231 affects Hestia Control Panel 1.3.5 and below in a shared-hosting environment. The vulnerability allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. The provided documents describe the iss...

CVSS 5.5 | AI score 5.2 | EPSS 0.01413
Exploits 1 | References 4 | Affected software 1
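
The three CVE-2021-27231 entries describe an authorization gap rather than a parsing one: a tenant could create a subdomain under a domain registered to another tenant. The check a panel needs is to walk up the requested name to the nearest domain that already exists and require that the requester owns it. The block below is an added example written for this page, not Hestia code. The ownership table, user names and domains are constructed, and the policy for names with no registered parent is an assumption stated in the code.

```python
"""Subdomain creation in a multi-tenant panel: refuse a name whose parent domain
belongs to another customer.

Added example for this page, not Hestia code. The ownership table, user names and
domains are constructed; the policy for names with no registered parent is an
assumption stated below.
"""
from typing import Dict, Optional, Tuple

# Constructed tenant table: registered domain -> owning user.
OWNERS: Dict[str, str] = {
    "alice-shop.example": "alice",
    "mail.alice-shop.example": "alice",
    "bob-blog.example": "bob",
}


def normalize(name: str) -> str:
    """Case-fold and drop the trailing dot so lookups cannot be bypassed by spelling."""
    return name.strip().lower().rstrip(".")


def nearest_registered_parent(fqdn: str, owners: Dict[str, str]) -> Optional[str]:
    """Closest ancestor of `fqdn` (excluding itself) that already exists in the table."""
    labels = normalize(fqdn).split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in owners:
            return parent
    return None


def can_create_subdomain(user: str, fqdn: str, owners: Dict[str, str]) -> Tuple[bool, str]:
    """Authorization decision plus the reason, for the audit log.

    Policy (assumption for this example): the requester must own the nearest
    registered parent. A name with no registered parent is not a subdomain of
    anything in the panel; it belongs to the separate new-domain flow, so it is
    refused here rather than silently accepted.
    """
    name = normalize(fqdn)
    if name in owners:
        return False, f"{name} already exists (owner: {owners[name]})"
    parent = nearest_registered_parent(name, owners)
    if parent is None:
        return False, f"{name} has no registered parent; use the new-domain flow"
    if owners[parent] != user:
        return False, f"parent {parent} belongs to {owners[parent]}, not {user}"
    return True, f"parent {parent} is owned by {user}"


def create_subdomain(user: str, fqdn: str, owners: Dict[str, str]) -> bool:
    """Apply the check, then record the new name under the requesting user."""
    ok, reason = can_create_subdomain(user, fqdn, owners)
    print(f"{user} -> {fqdn}: {'ALLOW' if ok else 'DENY'} ({reason})")
    if ok:
        owners[normalize(fqdn)] = user
    return ok


if __name__ == "__main__":
    table = dict(OWNERS)
    create_subdomain("bob", "shop.alice-shop.example", table)   # cross-tenant, denied
    create_subdomain("alice", "shop.alice-shop.example", table)  # own domain, allowed
    create_subdomain("bob", "cdn.bob-blog.example", table)       # own domain, allowed
```

Walking to the nearest existing parent, rather than only checking the registrable domain, is what keeps delegated subdomains honest: once alice registers mail.alice-shop.example, a request for x.mail.alice-shop.example is judged against that record, not against whoever holds the apex.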

OSV
added 2017/11/15 12:00 a.m. | 6 views

UBUNTU-CVE-2017-7838

Punycode-format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display, instead of the primary domain being displayed in native script and only the sub-domain displaying as punycode. This could be used for limited...

CVSS 5.3 | AI score 6.8 | EPSS 0.01471
Exploits 0 | References 4
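
The Signal entry (CVE-2022-28345) and the two CVE-2017-7838 entries are both about how a link is rendered rather than where it points: a right-to-left override can make the displayed text read as a different URL, and an all-or-nothing punycode switch can turn an entire hostname into xn-- labels because one subdomain looked suspicious. The block below is an added example written for this page, not Signal's or Firefox's code. The single-script rule is a deliberate simplification of real IDN display policies, the visual rendering is a crude approximation of the bidi algorithm (both assumptions), and the sample URLs are constructed.

```python
"""Link display checks: flag bidi override characters in a URL, approximate what the
override makes the reader see, and decide native-script versus punycode per label.

Added example, not Signal's or Firefox's code. The single-script rule and the
bidi rendering are simplifications (assumptions); sample URLs are constructed.
"""
import unicodedata
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Explicit bidi controls (UAX #9) that can reorder or hide parts of rendered text.
BIDI_CONTROLS: Dict[str, str] = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}


def find_bidi_controls(text: str) -> List[Tuple[int, str]]:
    """(index, name) of every explicit bidi control in `text`; empty means clean."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(text) if c in BIDI_CONTROLS]


def approximate_visual(text: str) -> str:
    """Crude rendering of U+202E: reverse the run up to the next PDF or end of text.

    Not the full bidi algorithm (assumption), but enough to show why the visible
    link text differs from the characters actually sent.
    """
    out: List[str] = []
    i = 0
    while i < len(text):
        if text[i] == "\u202e":
            end = text.find("\u202c", i + 1)
            end = len(text) if end == -1 else end
            out.append(text[i + 1:end][::-1])
            i = end + 1
        else:
            if text[i] not in BIDI_CONTROLS:
                out.append(text[i])
            i += 1
    return "".join(out)


def label_script(label: str) -> Optional[str]:
    """'LATIN', 'CYRILLIC', ... for a single-script label, 'MIXED' otherwise."""
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}
    if len(scripts) > 1:
        return "MIXED"
    return scripts.pop() if scripts else None


def display_label(label: str) -> str:
    """Native script only for a single-script label; otherwise its A-label (xn--)."""
    if label.isascii() or label_script(label) != "MIXED":
        return label
    return label.encode("idna").decode("ascii")


def display_host(host: str) -> str:
    """Decide per label, so one suspicious subdomain does not drag the rest to punycode."""
    return ".".join(display_label(label) for label in host.split("."))


def link_report(url: str) -> Dict[str, object]:
    """What a messaging client should know before rendering `url` as a link."""
    host = urlsplit(url).hostname or ""
    return {
        "bidi_controls": find_bidi_controls(url),
        "looks_like": approximate_visual(url),
        "host_display": display_host(host),
    }


if __name__ == "__main__":
    # Constructed: the fragment after '#' carries an RLO followed by reversed text.
    spoof = "https://attacker.example/#\u202emoc.elpmaxe-knab//:sptth"
    print(link_report(spoof))
    # Constructed: Cyrillic 'а' in the first label only; the others stay native.
    print(display_host("p\u0430ypal.b\u00fccher.example"))
```

The single-script rule is only the first gate of a real IDN policy: an all-Cyrillic label made of confusable letters passes it, so production code adds whole-script confusable checks on top. The point the CVE-2017-7838 entries make survives either way: the decision has to be taken label by label.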