webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

Apple patches WebKit bug that could let sites access your data

Apple has released a Background Security Improvement to patch a flaw that could allow malicious websites to bypass browser protections and access data from other sites. What is it? The patched WebKit vulnerability is described as: “A cross-origin issue in the Navigation API was addressed with...

EUVD-2026-12663

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy...

CVE-2026-20643

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...

MAL-2025-47101 Malicious code in quick-navigation-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293f1ac2032d67eaf1bdca4962d876dc2f82271c474d5fbf4f3a6d2d50b71d63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in quick-navigation-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293f1ac2032d67eaf1bdca4962d876dc2f82271c474d5fbf4f3a6d2d50b71d63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

VulnCheck KEV: CVE-2024-46510

ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface...

Ian Dunn: XSSI: Quick Navigation Interface - leak of private page/post titles

CVSS ---- Medium 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Description ----------- The Quick Navigation Interface plugin includes the names of all posts and pages in an automatically generated JavaScript file. By including this file in their own page, an attacker can view all post titles -...