69 matches found
CVE-2026-7604 JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery
A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...
PT-2026-36571
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.2. Description: An issue in the OpenApi Service component allows remote attackers to perform server-side request forgery (SSRF), a flaw where the server is coerced into making unintended requests. This occurs throug...
EUVD-2026-19883
WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs...
PT-2026-28614
Name of the Vulnerable Software and Affected Versions: Happy DOM versions prior to 20.8.9. Description: Happy DOM, a JavaScript implementation of a web browser without a graphical user interface, has an issue where it may attach cookies from the current page origin instead of the request target URL...
CVE-2025-36553
creationtimestamp | type | source
---|---|---
2025-11-17 14:30:28+00:00 | seen | https://infosec.place/objects/8f84a625-4d26-4f7a-8ceb-715fd1d88828
2025-11-18 01:45:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5umizmxaa2s
2025-11-18 07:52:26+00:00 | seen | ...
EUVD-2017-6871
Malware in sbrugna...
gstreamer1-plugins-base security update
1.16.1-5.0.1 - Update origin URL Orabug: 36209826 1.16.1-5 - Fixes for CVE-2024-47538, CVE-2024-47607, CVE-2024-47615 Resolves: RHEL-70974, RHEL-71010, RHEL-70986...
gstreamer1-plugins-base security update
1.16.1-3.0.1 - Update origin URL Orabug: 36209826 1.16.1-3 - CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing - Resolves: RHEL-19472...
Brave Android 1.59.117 Security Fixes
Updated which origins and URLs trigger debouncing and request-OTR protections as reported on HackerOne by nishimunea. - Fixed crash when loading brave://optimization-guide-internals as reported on HackerOne by jaguilera. Upgraded Chromium to 118.0.5993.70 — refer to Google Chrome advisories for...
SUSE CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
Design/Logic Flaw
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5709-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5709-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
GLSA-202210-34 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-34 Mozilla Firefox: Multiple Vulnerabilities - A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. CVE-2022-42927 - Certain...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
Oracle Linux 8 : thunderbird (ELSA-2022-7190)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7190 advisory. 102.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.4.0-1 - Update to 102.4.0 build1 Tenable has...
Mozilla Thunderbird < 102.4
The version of Thunderbird installed on the remote Windows host is prior to 102.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-46 advisory. - Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird...
Debian dla-3156 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3156 advisory. Debian LTS Advisory DLA-3156-1...
CVE-2022-42927
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...