UFONet 2.0

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc...

Astra Linux - уязвимость в firefox, thunderbird

An attacker could exploit XSLT error handling mechanisms to associate content controlled by the attacker with another origin that is displayed in the address bar. This could be used to trick users into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...

Astra Linux - уязвимость в firefox, thunderbird

A crafted URL containing Arabic script and whitespace characters could potentially hide the true origin of the page, leading to a potential spoofing attack. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

Astra Linux - уязвимость в firefox, thunderbird

The truncation of a long URL could have allowed for origin spoofing in a permission prompt. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set the origin through a crafted HTML page...

Astra Linux - уязвимость в chromium

The inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites through a crafted HTML page...

Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...

CVE-2026-26927

CVE-2026-26927 affects Szafir SDK Web and SzafirHost usage: Szafir SDK Web can launch SzafirHost with arbitrary arguments by exploiting an unvalidated document_base_url shown in the confirmation prompt. An unauthenticated attacker can craft a site to initiate the host, and if the user confirms (w...

CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

Exploit for Missing Authorization in Google Chrome

!DOIhttps://img.shields.io/badge/DOI-10.5281%2Fzenodo.184137...

EUVD-2002-0714

Malware in sbrugna...

EUVD-2014-1424

Malware in sbrugna...

EUVD-2016-2710

Malware in sbrugna...

EUVD-2013-0805

Malware in sbrugna...

EUVD-2005-2269

Malware in sbrugna...

EUVD-2022-24798

Malicious code in bioql PyPI...

EUVD-2023-33949

Malicious code in bioql PyPI...

EUVD-2025-25231

Malicious code in bioql PyPI...

Unspecified Vulnerability in Mozilla Firefox for Android (CNVD-2025-19561)

Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for Android prior to version 141, which stems from a blob:URI that may hide the true origin of a page and can be exploited by an attacke...

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 141...