4198 matches found
EUVD-2025-37235
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...
CVE-2025-48980
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...
Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services
With the rise of location-based service (LBS) applications that rely on terrestrial and satellite infrastructures (e.g., GNSS and crowd-sourced Wi-Fi, Bluetooth, cellular, and IP databases) for positioning, ensuring their integrity and security is paramount. However, we demonstrate that these...
CVE-2025-48980
Brave Browser Desktop (pre-1.83.10) with Split View enabled has a cookie handling flaw in the Open Link in Split View context menu: SameSite=Strict cookies could be sent during cross-site navigation. This is tied to Brave’s Split View behavior and affects confidentiality with cross-site requests....
PT-2025-44560
Name of the Vulnerable Software and Affected Versions: Brave Browser versions prior to 1.83.10. Description: The "Open Link in Split View" context menu item in Brave Browser Desktop did not correctly handle the SameSite cookie attribute when the split view feature was enabled. Specifically,...
Fedora 43 : wordpress (2025-8e71abf396)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8e71abf396 advisory. WordPress 6.8.3 Release Security updates included in this release: A data exposure issue where authenticated users could access some restricted content...
Malicious code in circuitx-navigation-test (npm)
MAL-2025-48824 Malicious code in circuitx-navigation-test (npm)
Malicious code in circuitx-navigation (npm)
MAL-2025-48823 Malicious code in circuitx-navigation (npm)
MAL-2025-48822 Malicious code in circuitx-gesture-navigation-test (npm)
Malicious code in circuitx-gesture-navigation (npm)
MAL-2025-48821 Malicious code in circuitx-gesture-navigation (npm)
CVE-2025-62595
KoaJS CVE-2025-62595 affects Koa until patched: versions 2.16.2–2.16.2.x before 2.16.3 and 3.0.1–3.0.2.x before 3.0.3 are vulnerable to a Referer header bypass that can force user redirects to external sites via back redirect in the HTTP header handling. Root cause: some crafted URLs are treated ...
reflex-dev/reflex has an Open Redirect vulnerability
Mitigation: Make sure GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN is not set in a production environment. So the following is correct: assert os.getenv("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN") is None. Vulnerability Description: Vulnerability Overview: When the GET /auth-codespace page loads in a GitHub...
CVE-2025-62379
Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...
CVE-2025-20722
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798...