[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-GCVE-1-2026-0028":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-30T07:23:07.718Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":1085,"aliases":1086,"duplicate_of":9,"upstream":1087,"downstream":1088,"duplicates":1089,"related":1090,"reserved_at":9,"published_at":1091,"modified_at":1092,"state":1093,"summary":1094,"references_raw":1101,"kevs":1107,"epss":9,"epss_history":1108,"metrics":1109,"affected":1113},"GCVE-1-2026-0028","PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on private, loopback, link-local, or otherwise non-public IP addresses.\n\n\nIn deployments where PlaywrightCapture processes untrusted URLs, this could allow a remote attacker to perform server-side request forgery against internal services or attempt to access local files from the capture environment. Depending on what capture artifacts are generated and exposed, responses from those resources could potentially be leaked through screenshots, saved page content, logs, or other capture outputs.\n\n\nThe patch mitigates the issue by introducing request routing checks that block secondary requests to local files, non-global IP addresses, and .local domains when only_global_lookup is enabled, while still allowing the originally requested capture URL.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-918","Server-Side Request Forgery (SSRF)","The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-664","Server Side Request Forgery",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":27,"abstraction":28,"likelihood_of_exploit":29,"capec":30},"CWE-200","Exposure of Sensitive Information to an Unauthorized Actor","The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.","Draft","Class","High",[31,35,219,245,249,253,257,261,265,269,359,363,367,389,393,397,401,405,415,419,423,427,431,435,439,443,447,511,515,541,563,567,571,575,579,583,587,591,595,599,603,607,611,615,619,623,655,659,681,703,749,775,875,879,1004,1041,1051,1061,1081],{"id":32,"name":33,"techniques":34},"CAPEC-116","Excavation",[],{"id":36,"name":37,"techniques":38},"CAPEC-13","Subverting Environment Variable Values",[39,137,179],{"id":40,"name":41,"tactics":42,"countermeasures":49},"T1562.003","Impair Command History Logging",[43,46],{"id":44,"name":45},"TA0030","Defense Evasion",{"id":47,"name":48},"TA0005","Stealth",[50,55,60,64,68,72,77,81,86,91,95,99,104,108,113,117,121,125,129,133],{"id":51,"name":52,"tactic":53},"D3-CI","Configuration Inventory",{"name":54},"Model",{"id":56,"name":57,"tactic":58},"D3-FA","File Analysis",{"name":59},"Detect",{"id":61,"name":62,"tactic":63},"D3-FIM","File Integrity Monitoring",{"name":59},{"id":65,"name":66,"tactic":67},"D3-DA","Dynamic Analysis",{"name":59},{"id":69,"name":70,"tactic":71},"D3-EFA","Emulated File Analysis",{"name":59},{"id":73,"name":74,"tactic":75},"D3-FEV","File Eviction",{"name":76},"Evict",{"id":78,"name":79,"tactic":80},"D3-RKD","Registry Key Deletion",{"name":76},{"id":82,"name":83,"tactic":84},"D3-DF","Decoy File",{"name":85},"Deceive",{"id":87,"name":88,"tactic":89},"D3-DRA","Disable Remote Access",{"name":90},"Harden",{"id":92,"name":93,"tactic":94},"D3-ACH","Application Configuration Hardening",{"name":90},{"id":96,"name":97,"tactic":98},"D3-FE","File Encryption",{"name":90},{"id":100,"name":101,"tactic":102},"D3-RC","Restore Configuration",{"name":103},"Restore",{"id":105,"name":106,"tactic":107},"D3-RF","Restore File",{"name":103},{"id":109,"name":110,"tactic":111},"D3-CQ","Content Quarantine",{"name":112},"Isolate",{"id":114,"name":115,"tactic":116},"D3-CF","Content Filtering",{"name":112},{"id":118,"name":119,"tactic":120},"D3-LFP","Local File Permissions",{"name":112},{"id":122,"name":123,"tactic":124},"D3-RFAM","Remote File Access Mediation",{"name":112},{"id":126,"name":127,"tactic":128},"D3-CM","Content Modification",{"name":112},{"id":130,"name":131,"tactic":132},"D3-EAL","Executable Allowlisting",{"name":112},{"id":134,"name":135,"tactic":136},"D3-EDL","Executable Denylisting",{"name":112},{"id":138,"name":139,"tactics":140,"countermeasures":152},"T1574.006","Dynamic Linker Hijacking",[141,144,147,148,149],{"id":142,"name":143},"TA0110","Persistence",{"id":145,"name":146},"TA0111","Privilege Escalation",{"id":44,"name":45},{"id":47,"name":48},{"id":150,"name":151},"TA0104","Execution",[153,157,159,161,163,165,167,169,171,173,175,177],{"id":154,"name":155,"tactic":156},"D3-SFA","System File Analysis",{"name":59},{"id":56,"name":57,"tactic":158},{"name":59},{"id":61,"name":62,"tactic":160},{"name":59},{"id":73,"name":74,"tactic":162},{"name":76},{"id":82,"name":83,"tactic":164},{"name":85},{"id":96,"name":97,"tactic":166},{"name":90},{"id":105,"name":106,"tactic":168},{"name":103},{"id":114,"name":115,"tactic":170},{"name":112},{"id":118,"name":119,"tactic":172},{"name":112},{"id":122,"name":123,"tactic":174},{"name":112},{"id":109,"name":110,"tactic":176},{"name":112},{"id":126,"name":127,"tactic":178},{"name":112},{"id":180,"name":181,"tactics":182,"countermeasures":188},"T1574.007","Path Interception by PATH Environment Variable",[183,184,185,186,187],{"id":142,"name":143},{"id":145,"name":146},{"id":44,"name":45},{"id":47,"name":48},{"id":150,"name":151},[189,191,193,195,197,199,201,203,205,207,209,211,213,215,217],{"id":56,"name":57,"tactic":190},{"name":59},{"id":61,"name":62,"tactic":192},{"name":59},{"id":65,"name":66,"tactic":194},{"name":59},{"id":69,"name":70,"tactic":196},{"name":59},{"id":73,"name":74,"tactic":198},{"name":76},{"id":82,"name":83,"tactic":200},{"name":85},{"id":96,"name":97,"tactic":202},{"name":90},{"id":105,"name":106,"tactic":204},{"name":103},{"id":114,"name":115,"tactic":206},{"name":112},{"id":118,"name":119,"tactic":208},{"name":112},{"id":122,"name":123,"tactic":210},{"name":112},{"id":109,"name":110,"tactic":212},{"name":112},{"id":126,"name":127,"tactic":214},{"name":112},{"id":130,"name":131,"tactic":216},{"name":112},{"id":134,"name":135,"tactic":218},{"name":112},{"id":220,"name":221,"techniques":222},"CAPEC-169","Footprinting",[223,231,239],{"id":224,"name":225,"tactics":226,"countermeasures":230},"T1217","Browser Information Discovery",[227],{"id":228,"name":229},"TA0102","Discovery",[],{"id":232,"name":233,"tactics":234,"countermeasures":238},"T1592","Gather Victim Host Information",[235],{"id":236,"name":237},"TA0043","Reconnaissance",[],{"id":240,"name":241,"tactics":242,"countermeasures":244},"T1595","Active Scanning",[243],{"id":236,"name":237},[],{"id":246,"name":247,"techniques":248},"CAPEC-22","Exploiting Trust in Client",[],{"id":250,"name":251,"techniques":252},"CAPEC-224","Fingerprinting",[],{"id":254,"name":255,"techniques":256},"CAPEC-285","ICMP Echo Request Ping",[],{"id":258,"name":259,"techniques":260},"CAPEC-287","TCP SYN Scan",[],{"id":262,"name":263,"techniques":264},"CAPEC-290","Enumerate Mail Exchange (MX) Records",[],{"id":266,"name":267,"techniques":268},"CAPEC-291","DNS Zone Transfers",[],{"id":270,"name":271,"techniques":272},"CAPEC-292","Host Discovery",[273],{"id":274,"name":275,"tactics":276,"countermeasures":278},"T1018","Remote System Discovery",[277],{"id":228,"name":229},[279,283,285,287,289,293,297,301,305,309,313,317,321,325,327,329,331,333,337,339,341,343,345,347,351,353,355],{"id":280,"name":281,"tactic":282},"D3-SCA","System Call Analysis",{"name":59},{"id":154,"name":155,"tactic":284},{"name":59},{"id":56,"name":57,"tactic":286},{"name":59},{"id":61,"name":62,"tactic":288},{"name":59},{"id":290,"name":291,"tactic":292},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":59},{"id":294,"name":295,"tactic":296},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":59},{"id":298,"name":299,"tactic":300},"D3-CSPP","Client-server Payload Profiling",{"name":59},{"id":302,"name":303,"tactic":304},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":59},{"id":306,"name":307,"tactic":308},"D3-NTSA","Network Traffic Signature Analysis",{"name":59},{"id":310,"name":311,"tactic":312},"D3-APCA","Application Protocol Command Analysis",{"name":59},{"id":314,"name":315,"tactic":316},"D3-NTCD","Network Traffic Community Deviation",{"name":59},{"id":318,"name":319,"tactic":320},"D3-RTSD","Remote Terminal Session Detection",{"name":59},{"id":322,"name":323,"tactic":324},"D3-PSA","Process Spawn Analysis",{"name":59},{"id":73,"name":74,"tactic":326},{"name":76},{"id":82,"name":83,"tactic":328},{"name":85},{"id":96,"name":97,"tactic":330},{"name":90},{"id":105,"name":106,"tactic":332},{"name":103},{"id":334,"name":335,"tactic":336},"D3-SCF","System Call Filtering",{"name":112},{"id":114,"name":115,"tactic":338},{"name":112},{"id":118,"name":119,"tactic":340},{"name":112},{"id":122,"name":123,"tactic":342},{"name":112},{"id":109,"name":110,"tactic":344},{"name":112},{"id":126,"name":127,"tactic":346},{"name":112},{"id":348,"name":349,"tactic":350},"D3-NTF","Network Traffic Filtering",{"name":112},{"id":130,"name":131,"tactic":352},{"name":112},{"id":134,"name":135,"tactic":354},{"name":112},{"id":356,"name":357,"tactic":358},"D3-HBPI","Hardware-based Process Isolation",{"name":112},{"id":360,"name":361,"techniques":362},"CAPEC-293","Traceroute Route Enumeration",[],{"id":364,"name":365,"techniques":366},"CAPEC-294","ICMP Address Mask Request",[],{"id":368,"name":369,"techniques":370},"CAPEC-295","Timestamp Request",[371],{"id":372,"name":373,"tactics":374,"countermeasures":376},"T1124","System Time Discovery",[375],{"id":228,"name":229},[377,379,381,383,385,387],{"id":280,"name":281,"tactic":378},{"name":59},{"id":322,"name":323,"tactic":380},{"name":59},{"id":334,"name":335,"tactic":382},{"name":112},{"id":130,"name":131,"tactic":384},{"name":112},{"id":134,"name":135,"tactic":386},{"name":112},{"id":356,"name":357,"tactic":388},{"name":112},{"id":390,"name":391,"techniques":392},"CAPEC-296","ICMP Information Request",[],{"id":394,"name":395,"techniques":396},"CAPEC-297","TCP ACK Ping",[],{"id":398,"name":399,"techniques":400},"CAPEC-298","UDP Ping",[],{"id":402,"name":403,"techniques":404},"CAPEC-299","TCP SYN Ping",[],{"id":406,"name":407,"techniques":408},"CAPEC-300","Port Scanning",[409],{"id":410,"name":411,"tactics":412,"countermeasures":414},"T1046","Network Service Discovery",[413],{"id":228,"name":229},[],{"id":416,"name":417,"techniques":418},"CAPEC-301","TCP Connect Scan",[],{"id":420,"name":421,"techniques":422},"CAPEC-302","TCP FIN Scan",[],{"id":424,"name":425,"techniques":426},"CAPEC-303","TCP Xmas Scan",[],{"id":428,"name":429,"techniques":430},"CAPEC-304","TCP Null Scan",[],{"id":432,"name":433,"techniques":434},"CAPEC-305","TCP ACK Scan",[],{"id":436,"name":437,"techniques":438},"CAPEC-306","TCP Window Scan",[],{"id":440,"name":441,"techniques":442},"CAPEC-307","TCP RPC Scan",[],{"id":444,"name":445,"techniques":446},"CAPEC-308","UDP Scan",[],{"id":448,"name":449,"techniques":450},"CAPEC-309","Network Topology Mapping",[451,495,505],{"id":452,"name":453,"tactics":454,"countermeasures":456},"T1016","System Network Configuration Discovery",[455],{"id":228,"name":229},[457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493],{"id":56,"name":57,"tactic":458},{"name":59},{"id":61,"name":62,"tactic":460},{"name":59},{"id":65,"name":66,"tactic":462},{"name":59},{"id":69,"name":70,"tactic":464},{"name":59},{"id":280,"name":281,"tactic":466},{"name":59},{"id":322,"name":323,"tactic":468},{"name":59},{"id":73,"name":74,"tactic":470},{"name":76},{"id":82,"name":83,"tactic":472},{"name":85},{"id":96,"name":97,"tactic":474},{"name":90},{"id":105,"name":106,"tactic":476},{"name":103},{"id":114,"name":115,"tactic":478},{"name":112},{"id":118,"name":119,"tactic":480},{"name":112},{"id":122,"name":123,"tactic":482},{"name":112},{"id":109,"name":110,"tactic":484},{"name":112},{"id":126,"name":127,"tactic":486},{"name":112},{"id":130,"name":131,"tactic":488},{"name":112},{"id":134,"name":135,"tactic":490},{"name":112},{"id":334,"name":335,"tactic":492},{"name":112},{"id":356,"name":357,"tactic":494},{"name":112},{"id":496,"name":497,"tactics":498,"countermeasures":500},"T1049","System Network Connections Discovery",[499],{"id":228,"name":229},[501,503],{"id":280,"name":281,"tactic":502},{"name":59},{"id":334,"name":335,"tactic":504},{"name":112},{"id":506,"name":507,"tactics":508,"countermeasures":510},"T1590","Gather Victim Network Information",[509],{"id":236,"name":237},[],{"id":512,"name":513,"techniques":514},"CAPEC-310","Scanning for Vulnerable Software",[],{"id":516,"name":517,"techniques":518},"CAPEC-312","Active OS Fingerprinting",[519],{"id":520,"name":521,"tactics":522,"countermeasures":524},"T1082","System Information Discovery",[523],{"id":228,"name":229},[525,527,529,533,535,537,539],{"id":280,"name":281,"tactic":526},{"name":59},{"id":322,"name":323,"tactic":528},{"name":59},{"id":530,"name":531,"tactic":532},"D3-DE","Decoy Environment",{"name":85},{"id":334,"name":335,"tactic":534},{"name":112},{"id":130,"name":131,"tactic":536},{"name":112},{"id":134,"name":135,"tactic":538},{"name":112},{"id":356,"name":357,"tactic":540},{"name":112},{"id":542,"name":543,"techniques":544},"CAPEC-313","Passive OS Fingerprinting",[545],{"id":520,"name":521,"tactics":546,"countermeasures":548},[547],{"id":228,"name":229},[549,551,553,555,557,559,561],{"id":280,"name":281,"tactic":550},{"name":59},{"id":322,"name":323,"tactic":552},{"name":59},{"id":530,"name":531,"tactic":554},{"name":85},{"id":334,"name":335,"tactic":556},{"name":112},{"id":130,"name":131,"tactic":558},{"name":112},{"id":134,"name":135,"tactic":560},{"name":112},{"id":356,"name":357,"tactic":562},{"name":112},{"id":564,"name":565,"techniques":566},"CAPEC-317","IP ID Sequencing Probe",[],{"id":568,"name":569,"techniques":570},"CAPEC-318","IP 'ID' Echoed Byte-Order Probe",[],{"id":572,"name":573,"techniques":574},"CAPEC-319","IP (DF) 'Don't Fragment Bit' Echoing Probe",[],{"id":576,"name":577,"techniques":578},"CAPEC-320","TCP Timestamp Probe",[],{"id":580,"name":581,"techniques":582},"CAPEC-321","TCP Sequence Number Probe",[],{"id":584,"name":585,"techniques":586},"CAPEC-322","TCP (ISN) Greatest Common Divisor Probe",[],{"id":588,"name":589,"techniques":590},"CAPEC-323","TCP (ISN) Counter Rate Probe",[],{"id":592,"name":593,"techniques":594},"CAPEC-324","TCP (ISN) Sequence Predictability Probe",[],{"id":596,"name":597,"techniques":598},"CAPEC-325","TCP Congestion Control Flag (ECN) Probe",[],{"id":600,"name":601,"techniques":602},"CAPEC-326","TCP Initial Window Size Probe",[],{"id":604,"name":605,"techniques":606},"CAPEC-327","TCP Options Probe",[],{"id":608,"name":609,"techniques":610},"CAPEC-328","TCP 'RST' Flag Checksum Probe",[],{"id":612,"name":613,"techniques":614},"CAPEC-329","ICMP Error Message Quoting Probe",[],{"id":616,"name":617,"techniques":618},"CAPEC-330","ICMP Error Message Echoing Integrity Probe",[],{"id":620,"name":621,"techniques":622},"CAPEC-472","Browser Fingerprinting",[],{"id":624,"name":625,"techniques":626},"CAPEC-497","File Discovery",[627],{"id":628,"name":629,"tactics":630,"countermeasures":632},"T1083","File and Directory Discovery",[631],{"id":228,"name":229},[633,635,637,639,641,643,645,647,649,651,653],{"id":56,"name":57,"tactic":634},{"name":59},{"id":61,"name":62,"tactic":636},{"name":59},{"id":73,"name":74,"tactic":638},{"name":76},{"id":82,"name":83,"tactic":640},{"name":85},{"id":96,"name":97,"tactic":642},{"name":90},{"id":105,"name":106,"tactic":644},{"name":103},{"id":118,"name":119,"tactic":646},{"name":112},{"id":114,"name":115,"tactic":648},{"name":112},{"id":122,"name":123,"tactic":650},{"name":112},{"id":109,"name":110,"tactic":652},{"name":112},{"id":126,"name":127,"tactic":654},{"name":112},{"id":656,"name":657,"techniques":658},"CAPEC-508","Shoulder Surfing",[],{"id":660,"name":661,"techniques":662},"CAPEC-573","Process Footprinting",[663],{"id":664,"name":665,"tactics":666,"countermeasures":668},"T1057","Process Discovery",[667],{"id":228,"name":229},[669,671,673,675,677,679],{"id":280,"name":281,"tactic":670},{"name":59},{"id":322,"name":323,"tactic":672},{"name":59},{"id":334,"name":335,"tactic":674},{"name":112},{"id":130,"name":131,"tactic":676},{"name":112},{"id":134,"name":135,"tactic":678},{"name":112},{"id":356,"name":357,"tactic":680},{"name":112},{"id":682,"name":683,"techniques":684},"CAPEC-574","Services Footprinting",[685],{"id":686,"name":687,"tactics":688,"countermeasures":690},"T1007","System Service Discovery",[689],{"id":228,"name":229},[691,693,695,697,699,701],{"id":280,"name":281,"tactic":692},{"name":59},{"id":322,"name":323,"tactic":694},{"name":59},{"id":334,"name":335,"tactic":696},{"name":112},{"id":130,"name":131,"tactic":698},{"name":112},{"id":134,"name":135,"tactic":700},{"name":112},{"id":356,"name":357,"tactic":702},{"name":112},{"id":704,"name":705,"techniques":706},"CAPEC-575","Account Footprinting",[707],{"id":708,"name":709,"tactics":710,"countermeasures":712},"T1087","Account Discovery",[711],{"id":228,"name":229},[713,717,721,725,729,733,737,741,745],{"id":714,"name":715,"tactic":716},"D3-AM","Access Modeling",{"name":54},{"id":718,"name":719,"tactic":720},"D3-LAM","Local Account Monitoring",{"name":59},{"id":722,"name":723,"tactic":724},"D3-DAM","Domain Account Monitoring",{"name":59},{"id":726,"name":727,"tactic":728},"D3-AL","Account Locking",{"name":76},{"id":730,"name":731,"tactic":732},"D3-AA","Agent Authentication",{"name":90},{"id":734,"name":735,"tactic":736},"D3-CDP","Change Default Password",{"name":90},{"id":738,"name":739,"tactic":740},"D3-ULA","Unlock Account",{"name":103},{"id":742,"name":743,"tactic":744},"D3-RUAA","Restore User Account Access",{"name":103},{"id":746,"name":747,"tactic":748},"D3-UAP","User Account Permissions",{"name":112},{"id":750,"name":751,"techniques":752},"CAPEC-576","Group Permission Footprinting",[753,759],{"id":754,"name":755,"tactics":756,"countermeasures":758},"T1069","Permission Groups Discovery",[757],{"id":228,"name":229},[],{"id":760,"name":761,"tactics":762,"countermeasures":764},"T1615","Group Policy Discovery",[763],{"id":228,"name":229},[765,767,771,773],{"id":51,"name":52,"tactic":766},{"name":54},{"id":768,"name":769,"tactic":770},"D3-NTPM","Network Traffic Policy Mapping",{"name":54},{"id":714,"name":715,"tactic":772},{"name":54},{"id":100,"name":101,"tactic":774},{"name":103},{"id":776,"name":777,"techniques":778},"CAPEC-577","Owner Footprinting",[779],{"id":780,"name":781,"tactics":782,"countermeasures":784},"T1033","System Owner/User Discovery",[783],{"id":228,"name":229},[785,789,791,793,795,799,803,805,807,811,815,819,823,825,827,831,835,837,841,843,845,847,849,851,853,857,859,863,867,871,873],{"id":786,"name":787,"tactic":788},"D3-DI","Data Inventory",{"name":54},{"id":56,"name":57,"tactic":790},{"name":59},{"id":61,"name":62,"tactic":792},{"name":59},{"id":280,"name":281,"tactic":794},{"name":59},{"id":796,"name":797,"tactic":798},"D3-PLA","Process Lineage Analysis",{"name":59},{"id":800,"name":801,"tactic":802},"D3-PSMD","Process Self-Modification Detection",{"name":59},{"id":322,"name":323,"tactic":804},{"name":59},{"id":73,"name":74,"tactic":806},{"name":76},{"id":808,"name":809,"tactic":810},"D3-PT","Process Termination",{"name":76},{"id":812,"name":813,"tactic":814},"D3-PS","Process Suspension",{"name":76},{"id":816,"name":817,"tactic":818},"D3-HR","Host Reboot",{"name":76},{"id":820,"name":821,"tactic":822},"D3-HS","Host Shutdown",{"name":76},{"id":82,"name":83,"tactic":824},{"name":85},{"id":96,"name":97,"tactic":826},{"name":90},{"id":828,"name":829,"tactic":830},"D3-PSEP","Process Segment Execution Prevention",{"name":90},{"id":832,"name":833,"tactic":834},"D3-SAOR","Segment Address Offset Randomization",{"name":90},{"id":105,"name":106,"tactic":836},{"name":103},{"id":838,"name":839,"tactic":840},"D3-RD","Restore Database",{"name":103},{"id":114,"name":115,"tactic":842},{"name":112},{"id":118,"name":119,"tactic":844},{"name":112},{"id":122,"name":123,"tactic":846},{"name":112},{"id":109,"name":110,"tactic":848},{"name":112},{"id":126,"name":127,"tactic":850},{"name":112},{"id":334,"name":335,"tactic":852},{"name":112},{"id":854,"name":855,"tactic":856},"D3-KBPI","Kernel-based Process Isolation",{"name":112},{"id":356,"name":357,"tactic":858},{"name":112},{"id":860,"name":861,"tactic":862},"D3-ABPI","Application-based Process Isolation",{"name":112},{"id":864,"name":865,"tactic":866},"D3-WSAM","Web Session Access Mediation",{"name":112},{"id":868,"name":869,"tactic":870},"D3-DTP","Domain Trust Policy",{"name":112},{"id":130,"name":131,"tactic":872},{"name":112},{"id":134,"name":135,"tactic":874},{"name":112},{"id":876,"name":877,"techniques":878},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":880,"name":881,"techniques":882},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[883,935],{"id":884,"name":885,"tactics":886,"countermeasures":890},"T1134.001","Token Impersonation/Theft",[887,888,889],{"id":44,"name":45},{"id":47,"name":48},{"id":145,"name":146},[891,895,899,903,907,911,915,919,923,927,931],{"id":892,"name":893,"tactic":894},"D3-CCSA","Credential Compromise Scope Analysis",{"name":59},{"id":896,"name":897,"tactic":898},"D3-CR","Credential Revocation",{"name":76},{"id":900,"name":901,"tactic":902},"D3-ANCI","Authentication Cache Invalidation",{"name":76},{"id":904,"name":905,"tactic":906},"D3-DUC","Decoy User Credential",{"name":85},{"id":908,"name":909,"tactic":910},"D3-CH","Credential Hardening",{"name":90},{"id":912,"name":913,"tactic":914},"D3-MFA","Multi-factor Authentication",{"name":90},{"id":916,"name":917,"tactic":918},"D3-CRO","Credential Rotation",{"name":90},{"id":920,"name":921,"tactic":922},"D3-TB","Token Binding",{"name":90},{"id":924,"name":925,"tactic":926},"D3-TBA","Token-based Authentication",{"name":90},{"id":928,"name":929,"tactic":930},"D3-RIC","Reissue Credential",{"name":103},{"id":932,"name":933,"tactic":934},"D3-CTS","Credential Transmission Scoping",{"name":112},{"id":936,"name":937,"tactics":938,"countermeasures":943},"T1550.004","Web Session Cookie",[939,940],{"id":44,"name":45},{"id":941,"name":942},"TA0109","Lateral Movement",[944,946,948,950,952,954,956,958,960,962,964,966,968,970,972,974,976,978,980,982,984,986,988,990,992,994,996,998,1000,1002],{"id":290,"name":291,"tactic":945},{"name":59},{"id":294,"name":295,"tactic":947},{"name":59},{"id":298,"name":299,"tactic":949},{"name":59},{"id":302,"name":303,"tactic":951},{"name":59},{"id":306,"name":307,"tactic":953},{"name":59},{"id":310,"name":311,"tactic":955},{"name":59},{"id":314,"name":315,"tactic":957},{"name":59},{"id":318,"name":319,"tactic":959},{"name":59},{"id":796,"name":797,"tactic":961},{"name":59},{"id":800,"name":801,"tactic":963},{"name":59},{"id":322,"name":323,"tactic":965},{"name":59},{"id":892,"name":893,"tactic":967},{"name":59},{"id":808,"name":809,"tactic":969},{"name":76},{"id":812,"name":813,"tactic":971},{"name":76},{"id":816,"name":817,"tactic":973},{"name":76},{"id":820,"name":821,"tactic":975},{"name":76},{"id":896,"name":897,"tactic":977},{"name":76},{"id":900,"name":901,"tactic":979},{"name":76},{"id":904,"name":905,"tactic":981},{"name":85},{"id":908,"name":909,"tactic":983},{"name":90},{"id":912,"name":913,"tactic":985},{"name":90},{"id":916,"name":917,"tactic":987},{"name":90},{"id":928,"name":929,"tactic":989},{"name":103},{"id":348,"name":349,"tactic":991},{"name":112},{"id":854,"name":855,"tactic":993},{"name":112},{"id":334,"name":335,"tactic":995},{"name":112},{"id":356,"name":357,"tactic":997},{"name":112},{"id":860,"name":861,"tactic":999},{"name":112},{"id":864,"name":865,"tactic":1001},{"name":112},{"id":932,"name":933,"tactic":1003},{"name":112},{"id":1005,"name":1006,"techniques":1007},"CAPEC-616","Establish Rogue Location",[1008],{"id":1009,"name":1010,"tactics":1011,"countermeasures":1014},"T1036.005","Match Legitimate Resource Name or Location",[1012,1013],{"id":44,"name":45},{"id":47,"name":48},[1015,1017,1019,1021,1023,1025,1027,1029,1031,1033,1035,1037,1039],{"id":280,"name":281,"tactic":1016},{"name":59},{"id":56,"name":57,"tactic":1018},{"name":59},{"id":61,"name":62,"tactic":1020},{"name":59},{"id":73,"name":74,"tactic":1022},{"name":76},{"id":82,"name":83,"tactic":1024},{"name":85},{"id":96,"name":97,"tactic":1026},{"name":90},{"id":105,"name":106,"tactic":1028},{"name":103},{"id":334,"name":335,"tactic":1030},{"name":112},{"id":114,"name":115,"tactic":1032},{"name":112},{"id":118,"name":119,"tactic":1034},{"name":112},{"id":122,"name":123,"tactic":1036},{"name":112},{"id":109,"name":110,"tactic":1038},{"name":112},{"id":126,"name":127,"tactic":1040},{"name":112},{"id":1042,"name":1043,"techniques":1044},"CAPEC-643","Identify Shared Files/Directories on System",[1045],{"id":1046,"name":1047,"tactics":1048,"countermeasures":1050},"T1135","Network Share Discovery",[1049],{"id":228,"name":229},[],{"id":1052,"name":1053,"techniques":1054},"CAPEC-646","Peripheral Footprinting",[1055],{"id":1056,"name":1057,"tactics":1058,"countermeasures":1060},"T1120","Peripheral Device Discovery",[1059],{"id":228,"name":229},[],{"id":1062,"name":1063,"techniques":1064},"CAPEC-651","Eavesdropping",[1065],{"id":1066,"name":1067,"tactics":1068,"countermeasures":1072},"T1111","Multi-Factor Authentication Interception",[1069],{"id":1070,"name":1071},"TA0031","Credential Access",[1073,1077],{"id":1074,"name":1075,"tactic":1076},"D3-HCI","Hardware Component Inventory",{"name":54},{"id":1078,"name":1079,"tactic":1080},"D3-RH","Radiation Hardening",{"name":90},{"id":1082,"name":1083,"techniques":1084},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[],[],[],[],[],"2026-04-29T19:28:00.000Z","2026-04-29T19:28:44.316023Z","PUBLISHED",{"cisa_kev":1095,"cisa_ransomware":1095,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":1096,"severity_score":1097,"severity_version":1098,"severity_source":1099,"severity_vector":1100,"severity_status":1093},false,"critical",9.3,"v4.0","gcve","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H",[1102],{"url":1103,"sources":1104,"tags":1105},"https://github.com/Lookyloo/PlaywrightCapture/commit/49e289eba756e4fbac1322c33cfd111411562405",[1099],[1106],"Patch",[],[],[1110],{"source":1099,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":1111},{"baseScore":1097,"baseSeverity":1112,"vectorString":1100,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[1114],{"ecosystem":9,"name":1115,"vendor":1116,"product":1117,"cpe_part":1118,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1119},"PlaywrightCapture","lookyloo","playwrightcapture","a",[1120],{"version":1121,"is_range":1122,"range_type":1123,"version_start":9,"version_start_type":9,"version_end":1124,"version_end_type":1125,"fixed_in":9},"\u003C 1.39.6",true,"cve.org","1.39.6","excluding"]