10960 matches found
CVE-2021-23863
The CVE affects Bosch Video Security software (version 3.2.3 and earlier). A code injection vulnerability enables an attacker to inject arbitrary HTML into a WebView-loaded component, potentially causing the application to display attacker-controlled web resources. The root cause is HTML/code inj...
Bosch Video Security Cross-Site Scripting Vulnerability
Bosch Video Security is a video security system from Bosch, Germany. It is used to connect to Bosch IP cameras and encoders from around the world, experience instant video playback, full access to your recordings, forensic search of cameras with Bosch video analytics support, and smooth control of PTZ...
EXNESS: Improper Implementation of SDK Allows Universal XSS in Webview Leading to Account Takeover
Affected App: Social Trading com.exness.investments App Version: - 2.45.8-release latest on PlayStore Summary: The SurveyMonkey SDK, used to collect surveys from users for analytic and informative purposes, was implemented in an insecure manner in . Particularly, the SMFeedbackActivity was...
A vulnerability in the Google Chrome WebView component for displaying web pages allows attackers to circumvent existing security restrictions.
The vulnerability in the WebView component of the Google Chrome browser involves errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially crafted HTML page...
Brave Software: XSS on internal: privileged origin through reader mode
A vulnerability in Brave iOS versions 1.32.3 and higher allowed for XSS attacks on the privileged origin internal://local through the combination of two weaknesses. The first weakness was the exposure of uuidKey through the REFERER header due to the lack of referrer header protection in the...
A vulnerability in the Google Chrome WebView component allows a hacker to bypass existing security restrictions by using a specially crafted HTML page.
The vulnerability in the Google Chrome WebView component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially crafted HTML page...
openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1488-1 advisory. - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to...
Improper Verification of Communication Channel in @theia/plugin-ext
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
Code injection
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
CVE-2021-41038
The CVE-2021-41038 entry concerns the @theia/plugin-ext component of Eclipse Theia (pre-1.18.0). The issue is that Webview contents can be hijacked via postMessage(), caused by improper verification of the communication channel. This mode of exploitation could expose or modify Webview content dep...
Eclipse Theia Security Vulnerability
Eclipse Theia is the Eclipse Foundation's set of open source IDE frameworks for desktop and web applications based on Visual Studio Code. A security vulnerability exists in versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, which originates from Webview content that...
Information Disclosure
chromium-browser:bionic is vulnerable to information disclosure. Inappropriate implementation in WebView in Google Chrome on Android allowed a remote attacker to leak cross-origin data via a crafted app...
CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...
CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...
DEBIAN-CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...
Design/Logic Flaw
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...
UBUNTU-CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...
CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...