Lucene search
+L

467 matches found

Vulnrichment
Vulnrichment
added 2024/11/19 9:27 p.m.14 views

CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7CVSS5.9AI score0.00472EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/12 6:0 a.m.24 views

CVE-2024-9835 RSS Feed Widget < 3.0.1 - Reflected XSS

The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00303EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2024/10/18 5:42 a.m.46 views

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control TCC framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is track...

5.5CVSS6.2AI score0.07052EPSS
Exploits1
GoogleProjectZero
GoogleProjectZero
added 2024/10/03 12:0 a.m.29 views

Effective Fuzzing: A Dav1d Case Study

Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, an...

8.8CVSS8.1AI score0.01835EPSS
Exploits0
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.26 views

CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.20 views

CVE-2024-6018 Music Request Manager <= 1.3 - Reflected XSS

The Music Request Manager WordPress plugin through 1.3 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00307EPSS
Exploits1References1
CVE
CVE
added 2024/09/12 6:0 a.m.54 views

CVE-2024-6018

CVE-2024-6018 affects Music Request Manager WordPress plugin

6.1CVSS6.3AI score0.00307EPSS
Exploits1References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/28 12:0 a.m.186 views

Google Chromium V8 Inappropriate Implementation Vulnerability

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS6.8AI score0.17227EPSS
In wildExploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/26 12:0 a.m.111 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS6.8AI score0.19272EPSS
In wildExploits2
The Hacker News
The Hacker News
added 2024/08/08 1:25 p.m.23 views

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/31 1:8 p.m.23 views

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEVPOPPER and linked to North Korea, has been found to have singled out...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.5 views

PT-2024-37116 · WordPress · Wp-Emember

Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.6.7 Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the $ SERVER'REQUEST URI' parameter is not properly escaped before being outputted back in an...

6.8CVSS6.1AI score0.0043EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2024/06/20 8:9 a.m.25 views

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...

7AI score
Exploits0
Veracode
Veracode
added 2024/06/17 4:21 a.m.22 views

Sensitive Information Disclosure

apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the absence of a "Cache-Control" header in the response headers for dynamic content, which could lead to the unintended caching of sensitive information in the local cache of web browsers...

5.5CVSS6.2AI score0.00318EPSS
Exploits0References4Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2024/05/28 12:0 a.m.37 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS7.3AI score0.1002EPSS
In wildExploits3
CISA KEV Catalog
CISA KEV Catalog
added 2024/05/16 12:0 a.m.33 views

Google Chromium V8 Out-of-Bounds Memory Write Vulnerability

Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS7AI score0.11007EPSS
In wildExploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/05/13 12:0 a.m.43 views

Google Chromium Visuals Use-After-Free Vulnerability

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS7.2AI score0.08348EPSS
In wildExploits0
The Hacker News
The Hacker News
added 2024/04/05 9:40 a.m.32 views

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/18 12:35 p.m.41 views

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is...

7.4AI score
Exploits0
Prion
Prion
added 2024/03/06 12:15 a.m.23 views

Cross site scripting

OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users...

6.2AI score0.0034EPSS
Exploits0References2
Rows per page
Query Builder