Skip to main content

Qutebrowser

4 CVEs product

Monthly

CVE-2021-41146 PyPI HIGH PATCH This Week

qutebrowser is an open source keyboard-focused browser with a minimal GUI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection RCE Qutebrowser
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-11054 PyPI LOW PATCH Monitor

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Qutebrowser Fedora
NVD GitHub
CVSS 3.1
3.5
EPSS
1.3%
CVE-2018-10895 PyPI HIGH PATCH This Week

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF RCE Qutebrowser
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1000559 PyPI MEDIUM POC PATCH This Month

qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Qutebrowser
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

qutebrowser is an open source keyboard-focused browser with a minimal GUI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection RCE +1
NVD GitHub
EPSS 1% CVSS 3.5
LOW PATCH Monitor

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Qutebrowser Fedora
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF RCE Qutebrowser
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Qutebrowser
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy