17 matches found
CVE-2026-40325
Summary: CVE-2026-40325 affects Masa CMS (fork of Mura CMS). In versions up to 7.5.2, the cTrash.restore function fails to validate anti-CSRF tokens, allowing an attacker to lure a logged-in administrator into a forged request that restores deleted items and places them at an attacker-controlled ...
PT-2026-38227
Name of the Vulnerable Software and Affected Versions: Masa CMS versions prior to 7.2.10; Masa CMS versions prior to 7.3.15; Masa CMS versions prior to 7.4.10; Masa CMS versions prior to 7.5.3. Description: The cTrash.empty function fails to validate anti-CSRF (Cross-Site Request Forgery) tokens for tras...
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often b...
Cloudflare Public Bug Bounty: [Variation of #3321406] YetAnother 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in AccessTempAuth
A vulnerability in Cloudflare Access involving the Browser Isolation email field was discovered, which could allow for unauthorized approvals within the Temporary Auth workflow. The issue has been fully remediated...
The vulnerability of the FortiIsolator browser isolation platform and the FortiSandbox threat detection and mitigation system lies in the incorrect session duration, allowing attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the FortiIsolator browser isolation platform and the FortiSandbox threat detection and mitigation system is related to an incorrect session duration. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected...
Fortinet FortiIsolator Access Control Error Vulnerability
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
The vulnerability of the FortiIsolator browser isolation platform arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This vulnerability allows attackers to execute arbitrary code.
The vulnerability of the FortiIsolator browser isolation platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created HTTP...
Cloud || Remote Browser Isolation most of the time not working
Users getting black screen. Or connection was closed screen...
The Next Generation of RBI (Remote Browser Isolation)
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world...
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world...
The vulnerability of the FortiIsolator browser isolation platform, related to inadequate access control, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the FortiIsolator browser isolation platform is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information by generating a certificate again through a specially created URL address...
‘Browser Isolation’ Takes On Entrenched Web Threats
Cloudflare says it’s possible to build a version of the notoriously slow and buggy tool without compromising on speed...
The vulnerability of the browser isolation function of Google Chrome allows an attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the browser isolation function in Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and accessibility of protected information...
How Zero Trust and SASE Can Redefine Network Defenses for Remote Workforces
Zero Trust has been touted for years as the future of network security. But, only recently has it started to gain traction as a practical enterprise security framework. The implementation of digital transformation initiatives has thrust Zero Trust into the spotlight as network applications and...
UBUNTU-CVE-2019-11741
A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...
Tips for Successful Zero-Trust Implementation
The zero-trust concept is often and pithily summarized as “trust no one, verify everything.” No enterprise can stave off the myriad of cyberthreats as long as they assume that any individual element can be trusted as secure. No traffic, whether internal or external, can automatically be deemed...
Vulnerabilities in the Internet Explorer and Microsoft Edge browsers, related to deficiencies in access control in isolated environments, allow attackers to escalate their privileges.
The vulnerability in the Internet Explorer and Microsoft Edge browsers is related to deficiencies in access control in isolated environments. Exploiting this vulnerability can allow attackers to escalate their privileges remotely...