9028 matches found
CVE-2026-12304
CVE-2026-12304 involves a Same-origin policy bypass in the Networking: Cookies component affecting Mozilla products. The vulnerability is documented for Firefox and Thunderbird (including firefox-esr and Thunderbird ESR variants) with fixes implemented in Firefox 152, Firefox ESR 140.12, Thunderb...
PT-2026-49701
Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 152.0 Description Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument. This behavior allows a malicious site to inject arbitrary cookies int...
PT-2026-49673
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description A same-origin policy bypass exists in the Networking: Cookies component. The same-origin poli...
Malicious code in reading-cookies (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d137cd4e8e7fc6d323c33ed04a87a97b152b217f948d01fae3172900751bf121 On import, the package's middleware spawns a detached node lib/caller.js child process. caller.js decodes a base64-obfuscated URL...
MAL-2026-5847 Malicious code in reading-cookies (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d137cd4e8e7fc6d323c33ed04a87a97b152b217f948d01fae3172900751bf121 On import, the package's middleware spawns a detached node lib/caller.js child process. caller.js decodes a base64-obfuscated URL...
Exposure of Private Personal Information to an Unauthorized Actor
Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the CookieJar.save and CookieJar.load functions. An attacker can cause cookies intended for a specific host to be sent to subdomains by persisting and restoring cookie...
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Summary Host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed. ----- Patch:...
GHSA-2FQR-MR3J-6WP8 aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Summary Host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed. ----- Patch:...
GHSA-84G9-W2XQ-VCV6 React Router: Potential CSRF via PUT/PATCH/DELETE document requests
Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...
GHSA-RP9W-3FW7-7CWQ DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content
If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...
GHSA-QXH6-94W6-9R5P @angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...
CVE-2026-9595
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
UBUNTU-CVE-2026-9595
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
MAL-2026-5807 Malicious code in sam-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6 [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...
CVE-2026-9595
The CVE affects webpack-dev-server where a user-configured proxy with a broad context (e.g., /) and ws: true intercepts the dev server’s HMR WebSocket, forwarding it to the proxy target. This can leak cookies and Origin headers to the backend, bypass Host/Origin validation, and corrupt the HMR so...
curl: Secure cookies leaked to HTTP origins through HTTPS forwarding proxy
Summary: When curl accesses an http:// origin through an HTTPS forwarding proxy, it sends Secure cookies in the request. The cookies travel in cleartext between the proxy and the origin server, visible to the proxy operator and anyone on that network path. curl also reports CURLINFOSCHEME as...
PT-2026-49563
Name of the Vulnerable Software and Affected Versions @angular/service-worker versions prior to 19.2.23 @angular/service-worker versions prior to 20.3.22 @angular/service-worker versions prior to 21.2.15 @angular/service-worker versions prior to 22.0.0-rc.2 Description An issue in the...
PT-2026-49561
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue exists in @angular/common when Server-Side Rendering SSR and hydration are enabled...
PT-2026-49593
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description Host-only cookies saved using the CookieJar.save function and subsequently restored via the CookieJar.load function lose their host-only status. This can result in cookies loaded from disk being sen...
PT-2026-49559
If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...