Lucene search
K

20 matches found

EUVD
EUVD
added 2026/05/06 9:31 p.m.8 views

EUVD-2026-27993

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.8AI score0.002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 6:12 p.m.7 views

CVE-2026-7945

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-38138

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in Cross-Origin Opener Policy COOP, a security mechanism that isolates a window from other windows, allows a remote attacker who has compromis...

9.6CVSS5.8AI score0.00344EPSS
Exploits0References136
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:30 p.m.9 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

8.7CVSS5.9AI score0.00169EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/06 9:30 p.m.16 views

CVE-2026-35408

Summary of CVE-2026-35408 (Directus): Prior to 11.17.0, Directus SSO login pages did not send COOP headers, enabling a malicious cross-origin window to access/manipulate the login page and potentially intercept/redirect the OAuth flow to an attacker-controlled client. This could lead to unauthori...

9.3CVSS5.9AI score0.00169EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/04 6:6 a.m.2 views

GHSA-8M32-P958-JG99 Directus: Missing Cross-Origin Opener Policy

Summary Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...

8.7CVSS5.8AI score0.00169EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/04 6:6 a.m.7 views

Directus: Missing Cross-Origin Opener Policy

Summary Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...

9.3CVSS5.8AI score0.00169EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/22 12:24 p.m.3 views

SUSE-SU-2026:0232-1 Security update for pgadmin4

This update for pgadmin4 fixes the following issues: - CVE-2025-9636: Fixed Cross-Origin Opener Policy COOP vulnerability bsc1249151...

7.9CVSS5.8AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51235

Name of the Vulnerable Software and Affected Versions Convercent Whistleblowing Platform versions affected versions not specified Description The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References8
NVD
NVD
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34413

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS0.00389EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 6:11 p.m.3 views

CVE-2025-34413 Legality WHISTLEBLOWING Missing Critical HTTP Security Headers

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS6.3AI score0.00389EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50148

Name of the Vulnerable Software and Affected Versions Legality WHISTLEBLOWING by DigitalPA affected versions not specified Description A protection mechanism failure exists due to the omission of critical HTTP security headers by default. Specifically, Content-Security-Policy, Referrer-Policy,...

7.1CVSS6.2AI score0.00389EPSS
Exploits0References5
OSV
OSV
added 2025/10/17 6:12 a.m.5 views

SUSE-SU-2025:03625-1 Security update for pgadmin4

This update for pgadmin4 fixes the following issues: - CVE-2025-9636: Fixed cross-origin opener policy COOP vulnerability bsc1249151...

7.9CVSS7AI score0.00213EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-26729

Malicious code in bioql PyPI...

7.9CVSS6.6AI score0.00213EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/05 6:31 p.m.10 views

pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...

7.9CVSS7AI score0.00213EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/09/04 5:15 p.m.22 views

CVE-2025-9636

pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...

7.9CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 4:43 p.m.47 views

CVE-2025-9636

CVE-2025-9636 affects pgAdmin4 (notably pgadmin4 packages in multiple Linux distributions). The vulnerability is a Cross-Origin Opener Policy (COOP) issue that could allow an attacker to manipulate the OAuth flow, potentially leading to restricted for unauthorised account access, account takeover...

7.9CVSS6.4AI score0.00213EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.5 views

PT-2025-36007

Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 9.7 Description pgAdmin is susceptible to a Cross-Origin Opener Policy COOP issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and...

7.9CVSS5.9AI score0.00213EPSS
Exploits0References28
OSV
OSV
added 2022/07/27 10:15 p.m.1 views

DEBIAN-CVE-2022-1873

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.9AI score0.00763EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.6 views

The vulnerability of the COOP component of the Google Chrome browser, which allows a hacker to access confidential information

The vulnerability of the COOP component of the Google Chrome browser is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information through a specially created web page...

7.8CVSS6.7AI score0.00836EPSS
Exploits0References10Affected Software6
Rows per page
Query Builder