3 matches found
EUVD-2026-36729
webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies...
koajs cors security breach
koajs cors is a cross-origin resource share for koa. A security vulnerability exists in koajs cors prior to version 5.0.0, which stems from the fact that if an allowed source is not provided, it will return an Access-Control-Allow-Origin header containing the source value in the request, which...
CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that us...