
14 matches found

EUVD
added 2026/05/06 9:31 p.m. | 8 views

EUVD-2026-27993

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1 CVSS | 5.8 AI score | 0.002 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 12 views

PT-2026-38138

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in Cross-Origin Opener Policy (COOP), a security mechanism that isolates a window from other windows, allows a remote attacker who has compromis...

9.6 CVSS | 5.8 AI score | 0.00344 EPSS
Exploits 0 | References 136
CVE
added 2026/04/06 9:30 p.m. | 13 views

CVE-2026-35408

Summary of CVE-2026-35408 (Directus): Prior to 11.17.0, Directus SSO login pages did not send COOP headers, enabling a malicious cross-origin window to access/manipulate the login page and potentially intercept/redirect the OAuth flow to an attacker-controlled client. This could lead to unauthori...

9.3 CVSS | 5.9 AI score | 0.00169 EPSS
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/04/06 9:30 p.m. | 8 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

8.7 CVSS | 5.9 AI score | 0.00169 EPSS
Exploits 0 | References 2 | Affected Software 1
Github Security Blog
added 2026/04/04 6:6 a.m. | 7 views

Directus: Missing Cross-Origin Opener Policy

Summary: Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...

9.3 CVSS | 5.8 AI score | 0.00169 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/01/22 12:24 p.m. | 2 views

SUSE-SU-2026:0232-1 Security update for pgadmin4

This update for pgadmin4 fixes the following issues:
- CVE-2025-9636: Fixed Cross-Origin Opener Policy (COOP) vulnerability (bsc#1249151)...

7.9 CVSS | 5.8 AI score | 0.00213 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/12/15 12:0 a.m. | 7 views

PT-2025-51235

Name of the Vulnerable Software and Affected Versions: Convercent Whistleblowing Platform versions (affected versions not specified). Description: The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...

6.9 CVSS | 6.2 AI score | 0.00075 EPSS
Exploits 0 | References 8
OSV
added 2025/10/17 6:12 a.m. | 5 views

SUSE-SU-2025:03625-1 Security update for pgadmin4

This update for pgadmin4 fixes the following issues:
- CVE-2025-9636: Fixed cross-origin opener policy (COOP) vulnerability (bsc#1249151)...

7.9 CVSS | 7 AI score | 0.00213 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2025-26729

Malicious code in bioql (PyPI)...

7.9 CVSS | 6.6 AI score | 0.00213 EPSS
Exploits 0 | References 1
Github Security Blog
added 2025/09/05 6:31 p.m. | 10 views

pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...

7.9 CVSS | 7 AI score | 0.00213 EPSS
Exploits 0 | References 4 | Affected Software 1
NVD
added 2025/09/04 5:15 p.m. | 22 views

CVE-2025-9636

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...

7.9 CVSS | 0.00213 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/08/28 12:0 a.m. | 4 views

PT-2025-36007

Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 9.7. Description: pgAdmin is susceptible to a Cross-Origin Opener Policy (COOP) issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and...

7.9 CVSS | 5.9 AI score | 0.00213 EPSS
Exploits 0 | References 25
OSV
added 2022/07/27 10:15 p.m. | 1 view

DEBIAN-CVE-2022-1873

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5 CVSS | 6.9 AI score | 0.00763 EPSS
Exploits 1 | References 1
BDU FSTEC
added 2022/02/16 12:0 a.m. | 5 views

The vulnerability of the COOP component of the Google Chrome browser, which allows a hacker to access confidential information

The vulnerability of the COOP component of the Google Chrome browser is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information through a specially created web page...

7.8 CVSS | 6.7 AI score | 0.00836 EPSS
Exploits 0 | References 10 | Affected Software 6