42 matches found
PT-2026-51747
Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...
CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...
IBM DataPower Gateway security vulnerability
IBM DataPower Gateway is a suite of International Business Machines (IBM) security and integration platforms designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and...
CVE-2025-9614
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to...
EUVD-2019-6580
Malware in sbrugna...
EUVD-2011-2145
Malware in sbrugna...
EUVD-2011-4677
Malware in sbrugna...
EUVD-2020-26130
Malware in sbrugna...
EUVD-2016-10689
Malware in sbrugna...
Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks
CPUs provide isolation mechanisms like virtualization and privilege levels to protect software. Yet these focus on architectural isolation while typically overlooking microarchitectural side channels, exemplified by Meltdown and Foreshadow. Software must therefore supplement architectural defense...
CVE-2025-31491
CVE-2025-31491 affects AutoGPT prior to version 0.6.1. A custom requests wrapper does not follow redirects safely: the initial request is not redirected, but the wrapper re-issues the request to the new location. Crucially, this re-request path does not account for security-sensitive headers and ...
Reliance on Cookies without Validation and Integrity Checking
Overview: yt-dlp is a youtube-dl fork with additional features and patches. Affected versions of this package are vulnerable to Reliance on Cookies without Validation and Integrity Checking due to improper cookie validation through YoutubeDL.py. This vulnerability allows unscoped cookies to be...
USN-7086-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-10458, CVE-2024-10459,...
USN-6649-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-1547, CVE-2024-1548,...
X (Formerly Twitter): Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File
The vulnerability allowed the retrieval of a user's X username and user ID from a dynamically generated JavaScript file hosted on Twitter. An attacker could force a victim to import the file from a malicious website, bypassing the Same-Origin Policy and exposing the user's sensitive information...
SUSE CVE-2016-9900
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
SUSE CVE-2021-32690
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...
CVE-2022-29248 Cross-domain cookie leakage in Guzzle
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...
ALPINE-CVE-2022-26357
race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...
Sixt GmbH & Co. Autovermietung KG BBP: Cross domain token leakage via Referer header
Summary: The password reset link of user account on critical sixt+ domain/product can be obtained using the page https://www.sixt.com/php/profile/loginorpasswordforgotten. This page requires email address and surname/lastname of the user to send password reset link on email. This link contains th...