Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
developer tools vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-6472
Insufficient policy enforcement in developer tools in Google Chrome before 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
Google Chrome
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-6482
Insufficient policy enforcement in developer tools in Google Chrome before 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Google Chrome
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability...
Mozilla Firefox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
6.8
CVSSv2
CVE-2020-6443
Insufficient data validation in developer tools in Google Chrome before 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
Google Chrome
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Backports Sle-15
6.8
CVSSv2
CVE-2020-6447
Inappropriate implementation in developer tools in Google Chrome before 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
6.8
CVSSv2
CVE-2021-4063
Use after free in developer tools in Google Chrome before 96.0.4664.93 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 34
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with t...
Mozilla Firefox
NA
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from t...
Facebook React-devtools
6.4
CVSSv2
CVE-2017-5468
An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.
Mozilla Firefox
NA
CVE-2023-23604
A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.
Mozilla Firefox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »