cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-26081,https://securityvulnerability.io/vulnerability/CVE-2023-26081,Password Exfiltration Vulnerability in Epiphany Browser by GNOME,"In Epiphany (also known as GNOME Web) version 43.0, a security flaw exists where untrusted web content can manipulate the autofill feature, causing users' passwords to be inadvertently exfiltrated from sandboxed contexts. This vulnerability highlights the risks associated with autofill mechanisms when interacting with potentially malicious websites.",Gnome,Epiphany,7.5,HIGH,0.0017600000137463212,false,,false,false,false,,,false,false,,2023-02-20T03:15:00.000Z,0
CVE-2022-29536,https://securityvulnerability.io/vulnerability/CVE-2022-29536,Buffer Overflow Vulnerability in GNOME Epiphany Browser,"A vulnerability in GNOME's Epiphany browser allows for a client buffer overflow due to improper handling of UTF-8 ellipsis characters, specifically in the ephy_string_shorten function during the UI process. This issue arises when an HTML document contains a long page title that exceeds the expected number of bytes, leading to potential exploitation scenarios.",Gnome,Epiphany,7.5,HIGH,0.008820000104606152,false,,false,false,false,,,false,false,,2022-04-20T23:15:00.000Z,0
CVE-2021-45086,https://securityvulnerability.io/vulnerability/CVE-2021-45086,Cross-Site Scripting Vulnerability in GNOME Web by GNOME,"A Cross-Site Scripting (XSS) vulnerability has been identified in GNOME Web (Epiphany), impacting versions prior to 40.4 and the 41.x series prior to 41.1. This vulnerability arises from the improper handling of server-suggested filenames utilized in PDF.js, which can be exploited by attackers to inject malicious scripts. Users of affected versions may face risks such as unauthorized access and data manipulation when viewing PDF documents. It is crucial to update to the latest versions to mitigate potential threats and enhance security.",Gnome,Epiphany,6.1,MEDIUM,0.003370000049471855,false,,false,false,false,,,false,false,,2021-12-16T02:19:35.000Z,0
CVE-2021-45087,https://securityvulnerability.io/vulnerability/CVE-2021-45087,Cross-Site Scripting Vulnerability in GNOME Web Browser,"A cross-site scripting vulnerability exists in GNOME Web (Epiphany) prior to version 40.4 and in version 41.x before 41.1. This issue can be exploited during the usage of View Source mode or Reader mode on specific webpages. A maliciously crafted page title may inadvertently execute scripts in a user’s browser, potentially leading to unauthorized access and exposure of sensitive information. Users are advised to update to the latest version to mitigate this vulnerability.",Gnome,Epiphany,6.1,MEDIUM,0.0027600000612437725,false,,false,false,false,,,false,false,,2021-12-16T02:19:26.000Z,0
CVE-2021-45088,https://securityvulnerability.io/vulnerability/CVE-2021-45088,Cross-Site Scripting Vulnerability in GNOME Web by GNOME,"A Cross-Site Scripting vulnerability was discovered in GNOME Web (Epiphany) prior to version 40.4 and in 41.x before version 41.1, allowing attackers to inject malicious scripts through error pages. This can lead to unauthorized access to user data and potential exploitation of users' browsers. Users are advised to upgrade to the latest versions to mitigate risks associated with this vulnerability.",Gnome,Epiphany,6.1,MEDIUM,0.0027600000612437725,false,,false,false,false,,,false,false,,2021-12-16T02:19:17.000Z,0
CVE-2021-45085,https://securityvulnerability.io/vulnerability/CVE-2021-45085,XSS Vulnerability in GNOME Web Browser by GNOME,"An XSS vulnerability exists in the GNOME Web browser (Epiphany) prior to version 40.4 and in version 41.x prior to 41.1. This security issue can be triggered via an about: page, particularly through the 'ephy-about:overview' functionality. It becomes exploitable when a user visits a malicious page frequently enough for it to be added to the browser's Most Visited list, potentially allowing an attacker to run arbitrary scripts in the context of the user’s browser.",Gnome,Epiphany,6.1,MEDIUM,0.0027600000612437725,false,,false,false,false,,,false,false,,2021-12-16T02:19:08.000Z,0
CVE-2019-6251,https://securityvulnerability.io/vulnerability/CVE-2019-6251,,WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.,Gnome,Epiphany,8.1,HIGH,0.002409999957308173,false,,false,false,false,,,false,false,,2019-01-14T07:00:00.000Z,0
CVE-2018-12016,https://securityvulnerability.io/vulnerability/CVE-2018-12016,,libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.,Gnome,Epiphany,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2018-06-07T14:29:00.000Z,0
CVE-2018-11396,https://securityvulnerability.io/vulnerability/CVE-2018-11396,,"ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.",Gnome,Epiphany,7.5,HIGH,0.0040799998678267,false,,false,false,false,,,false,false,,2018-05-23T13:00:00.000Z,0
CVE-2017-1000025,https://securityvulnerability.io/vulnerability/CVE-2017-1000025,,"GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.",Gnome,Epiphany,7.5,HIGH,0.0027799999807029963,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2010-3312,https://securityvulnerability.io/vulnerability/CVE-2010-3312,,"Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.",Gnome,Epiphany,,,0.00279999990016222,false,,false,false,false,,,false,false,,2010-10-14T05:58:00.000Z,0
CVE-2008-5985,https://securityvulnerability.io/vulnerability/CVE-2008-5985,,"Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).",Gnome,Epiphany,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2009-01-28T11:00:00.000Z,0
CVE-2005-0238,https://securityvulnerability.io/vulnerability/CVE-2005-0238,,"The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",Gnome,"Epiphany,Camino,Omniweb,Opera Browser,Mozilla",,,0.007470000069588423,false,,false,false,false,,,false,false,,2005-05-02T04:00:00.000Z,0