CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

NVD•added 2026/05/12 11:16 p.m.•12 views

CVE-2026-44548

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

8.1CVSS0.0012EPSS

Exploits0References1

EUVD•added 2026/05/12 10:33 p.m.•8 views

EUVD-2026-29885

8.1CVSS5.7AI score0.0012EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 10:33 p.m.•6 views

CVE-2026-44548

8.1CVSS5.7AI score0.0012EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/11/01 2:20 p.m.•12 views

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

6.5CVSS6.7AI score0.00257EPSS

Exploits0References1

EUVD•added 2025/10/31 12:30 a.m.•3 views

EUVD-2025-37235

6.5CVSS6.1AI score0.00257EPSS

Exploits0References2

NVD•added 2025/10/31 12:15 a.m.•3 views

CVE-2025-48980

6.5CVSS0.00257EPSS

Exploits0References1

Cvelist•added 2025/10/30 11:29 p.m.•5 views

CVE-2025-48980

6.5CVSS0.00257EPSS

Exploits0References1

Vulnrichment•added 2025/10/30 11:29 p.m.•4 views

CVE-2025-48980

6.5CVSS6.4AI score0.00257EPSS

Exploits0References1

CVE•added 2025/10/30 11:29 p.m.•13 views

CVE-2025-48980

Brave Browser Desktop (pre-1.83.10) with Split View enabled has a cookie handling flaw in the Open Link in Split View context menu: SameSite=Strict cookies could be sent during cross-site navigation. This is tied to Brave’s Split View behavior and affects confidentiality with cross-site requests....

6.5CVSS6.3AI score0.00257EPSS

Exploits0References1

Positive Technologies•added 2025/10/30 12:0 a.m.•3 views

PT-2025-44560

Name of the Vulnerable Software and Affected Versions Brave Browser versions prior to 1.83.10 Description The "Open Link in Split View" context menu item in Brave Browser Desktop did not correctly handle the SameSite cookie attribute when the split view feature was enabled. Specifically,...

6.5CVSS6.5AI score0.00257EPSS

Exploits0References6

Microsoft CVE•added 2025/09/03 10:10 p.m.•2 views

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...

9.8CVSS9.2AI score0.00662EPSS

Exploits0

Hacker One•added 2025/07/15 1:33 p.m.•6 views

Brave Software: SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.

A vulnerability was discovered where SameSite=Strict cookies were being sent during cross-site navigations, even though they should have been restricted under the SameSite policy. This was caused by the absence of the Sec-Fetch-Site: cross-site header, which is normally used to prevent such...

6.5CVSS8.9AI score0.01406EPSS

Exploits1

RedhatCVE•added 2025/05/23 10:2 a.m.•4 views

CVE-2024-6611