CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

EUVD•added 2026/03/24 3:7 p.m.•1 views

EUVD-2026-14909

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

6.4CVSS5.9AI score0.00051EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-0692

Malware in sbrugna...

6.8CVSS6.1AI score0.01619EPSS

Exploits0References14

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2008-4321

Malware in sbrugna...

4.3CVSS6.4AI score0.09945EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-0553

Malware in sbrugna...

7.5CVSS7.5AI score0.0024EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-39159

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02522EPSS

Exploits1References2

OSV•added 2024/10/01 4:15 p.m.•12 views

CVE-2024-9398

By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

5.3CVSS8.7AI score

Exploits0References5

Vulnrichment•added 2024/10/01 3:13 p.m.•14 views

CVE-2024-9398

5.9AI score0.00806EPSS

Exploits0References5

Cvelist•added 2024/10/01 3:13 p.m.•22 views

CVE-2024-9398

0.00806EPSS

Exploits0References5

Debian CVE•added 2024/10/01 3:13 p.m.•10 views

CVE-2024-9398

5.3CVSS6.8AI score0.00806EPSS

Exploits0

NVD•added 2024/01/22 7:15 p.m.•15 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.1CVSS5.9AI score0.0044EPSS

Exploits0References2

Prion•added 2024/01/22 7:15 p.m.•16 views

Design/Logic Flaw

5.8CVSS6.7AI score0.0044EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/01/22 6:23 p.m.•15 views

CVE-2024-0606

6.3AI score0.0044EPSS

Exploits0References2

CVE•added 2024/01/22 6:23 p.m.•45 views

CVE-2024-0606

CVE-2024-0606 affects Mozilla Focus for iOS before version 122. The issue is a UXSS vulnerability where an attacker can execute unauthorized scripts on a legitimate site by opening a javascript: URI via window.open(), leading to unauthorized actions within the user’s loaded webpage. Connected sou...

6.1CVSS6.1AI score0.0044EPSS

Exploits0References2Affected Software1

Mozilla•added 2024/01/22 12:0 a.m.•31 views

Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. An attacker could execut...

7.5CVSS7.7AI score0.0044EPSS

Exploits0References2Affected Software1

Veracode•added 2023/08/06 12:7 p.m.•15 views

Spoofing Attacks

firefox is vulnerable to Spoofing Attacks. The vulnerability occurs when a website uses the window.open function to open a new window. If the new window is opened in full-screen mode, the malicious website can use the document.querySelector function to find the full-screen notification and then...

7.5CVSS6.5AI score0.00168EPSS

Exploits0References5Affected Software3

Cvelist•added 2023/06/02 12:0 a.m.•21 views

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...

5.7AI score0.00144EPSS

Exploits0References5

RedHat Linux•added 2023/04/14 1:50 p.m.•4 views

Mozilla: Fullscreen notification obscured

The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attack...

4.3CVSS7.3AI score0.00144EPSS

Exploits0References5

Tenable Nessus•added 2023/04/14 12:0 a.m.•28 views

RHEL 8 : firefox (RHSA-2023:1788)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1788 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8CVSS7.5AI score0.00353EPSS

Exploits0References20

ATTACKERKB•added 2022/07/25 7:15 a.m.•3 views

CVE-2022-36450

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...

9.8CVSS9.4AI score0.02522EPSS

Exploits1References3

Prion•added 2022/07/25 7:15 a.m.•10 views

Remote code execution

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...

7.5CVSS9.7AI score0.02522EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by