5 matches found
CVE-2025-9544
The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...
GHSA-7CXJ-W27X-X78Q SillyTavern Web Interface Vulnerable DNS Rebinding
Summary: The web UI for SillyTavern is susceptible to DNS rebinding, allowing attackers to perform actions like install malicious extensions, read chats, inject arbitrary HTML for phishing, etc. Details: DNS rebinding is a method to bypass the CORS policies by tricking the browser into resolving...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from an inadequate enforcement of Extensions API policies, allowing remote attackers to bypass corporate policies via a crafted HTML...
Microsoft Edge Security Bypass Vulnerability (CNVD-2019-42801)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in the EdgeHTML-based Microsoft Edge, which arises from the program failing to properly handle extension requests and failing to request host privileges for...
UBUNTU-CVE-2017-5389
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user...