CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Affected software: Whale browser (pre-4.35.351.12). Vulnerability: iframe sandbox escape in a sidebar environment. Root cause / impact: An attacker could escape the iframe sandbox, potentially bypassing security restrictions associated with the sandboxed context. The CVE entry and connected advis...

Naver Whale Browser 安全漏洞

Naver Whale Browser is a web browser from Naver, a Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.35.351.12, which originates from an iframe sandbox escape in the sidebar environment...

PT-2025-53834

Name of the Vulnerable Software and Affected Versions Whale browser versions prior to 4.35.351.12 Description The Whale browser is susceptible to an iframe sandbox escape in a sidebar environment. An attacker can leverage this to bypass security restrictions imposed by the iframe sandbox...

EUVD-2025-205456

n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox...

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

EUVD-2024-24902

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

AIRC MyNET 安全漏洞

AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.06 and earlier versions, which stems from an iframe injection issue with the src parameter that could lead to the execution of arbitrary code by a remote attacker...

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

PT-2025-52681

Name of the Vulnerable Software and Affected Versions MyNET versions 26.06 and earlier Description An iframe injection issue exists that allows a remote attacker to execute arbitrary code. The issue is related to the src parameter. Recommendations Versions prior to 26.06 should be updated...

CVE-2024-27708

CVE-2024-27708 affects AIRC MyNET v26.06 and earlier. An iframe injection via the src parameter allows remote code execution with network access and user interaction required. The vulnerability impact is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Red Hat and ENISA/EUVD entrie...

CVE-2025-14812

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...

CVE-2025-14812

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...

CVE-2025-14812

CVE-2025-14812 affects ArcSearch for iOS (Browser Company) prior to version 1.45.2. Affected behavior: after iframe-triggered URI-scheme navigation, the address bar may display a different domain than the content being shown, enabling spoofing risk. Root cause (as described in connected sources):...

CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...

CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...