4180 matches found
Astra Linux - уязвимость в chromium
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
The incorrect security UI in the Navigation section of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker to perform domain spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в chromium
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox
The fetch API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these additiona...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в chromium
The inappropriate implementation of the Extensions API in Google Chrome prior to version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted HTML page...
Astra Linux - уязвимость в chromium
The use of “after free” in Navigation in Google Chrome before version 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium, webkit2gtk
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementations of navigation functions in Google Chrome on iOS before version 90.0.4430.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...
ROS-20260520-73-0006
A vulnerability in the Navigation feature of Google Chrome and Microsoft Edge browsers is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechanism...
ROS-20260520-73-0055
A vulnerability in the Navigation function of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260520-73-0019
A vulnerability in the Navigation function of Google Chrome and Microsoft Edge is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...
PT-2026-41962
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.4.3 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 Description When using the navigateTo function with the external: true option, the software generates a server-side HTML redirect body containing a tag. The destinati...
PT-2026-41723
Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...
Cross-site Scripting (XSS)
ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled post data in the Menu Management functionality, which allows an attacker to inject malicious scripts that execute in administrative dashboards and...