14 matches found
EUVD-2026-27993
Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
PT-2026-38138
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in Cross-Origin Opener Policy (COOP), a security mechanism that isolates a window from other windows, allows a remote attacker who has compromis...
CVE-2026-35408
Summary of CVE-2026-35408 (Directus): Prior to 11.17.0, Directus SSO login pages did not send COOP headers, enabling a malicious cross-origin window to access/manipulate the login page and potentially intercept/redirect the OAuth flow to an attacker-controlled client. This could lead to unauthori...
CVE-2026-35408
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...
Directus: Missing Cross-Origin Opener Policy
Summary: Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...
SUSE-SU-2026:0232-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2025-9636: Fixed Cross-Origin Opener Policy (COOP) vulnerability (bsc1249151)...
PT-2025-51235
Name of the Vulnerable Software and Affected Versions: Convercent Whistleblowing Platform versions (affected versions not specified). Description: The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...
SUSE-SU-2025:03625-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2025-9636: Fixed cross-origin opener policy (COOP) vulnerability (bsc1249151)...
EUVD-2025-26729
Malicious code in bioql PyPI...
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...
CVE-2025-9636
pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...
PT-2025-36007
Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 9.7. Description: pgAdmin is susceptible to a Cross-Origin Opener Policy (COOP) issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and...
DEBIAN-CVE-2022-1873
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
The vulnerability of the COOP component of the Google Chrome browser, which allows a hacker to access confidential information
The vulnerability of the COOP component of the Google Chrome browser is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information through a specially created web page...