152 matches found
Astra Linux - vulnerability in chromium
Before version 97.0.4692.99, "Print" in Google Chrome allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in chromium
Before version 97.0.4692.99, using Omnibox in Google Chrome allowed attackers to potentially exploit heap corruption by using a crafted HTML page, as long as those attackers could convince users to engage in certain user interactions...
EUVD-2022-15843
Malicious code in bioql PyPI...
EUVD-2022-34870
Malicious code in bioql PyPI...
EUVD-2022-34854
Malicious code in bioql PyPI...
EUVD-2022-34860
Malicious code in bioql PyPI...
EUVD-2022-15977
Malicious code in bioql PyPI...
EUVD-2022-24921
Malicious code in bioql PyPI...
CVE-2024-8802 Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting
The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
SUSE CVE-2024-7968
Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
BIT-GITLAB-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
Stored Cross Site Scripting (XSS)
stimulsoft-dashboards-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization for the ReportName field, which allows an attacker to create a stored XSS payload which remains active and is executed with specific user interactions, such as when a user clicks on t...
Gitlab -- vulnerabilities
Gitlab reports: Account Takeover via Password Reset without user interactions; Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user; Bypass CODEOWNERS approval removal; Workspaces able to be created under different root namespace; Commit signature validation...
CVE-2023-6719
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
CVE-2023-6719 Cross-site Scripting in Repox
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory. - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker...
CVE-2023-5474
Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Medium...
Heap overflow
Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Medium...