Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/07/06 7:42 p.m.37 views

CVE-2026-50134 Hugo: security.http.urls allow-list bypass via HTTP redirects

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS0.00249EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2018/09/27 12:0 a.m.44 views

Microsoft Edge - Sandbox Escape

Content process - Privileged content process firststage.js When spawning a new Edge content process, its privilege is determined by its URL. This URL check is performed by the LCIEUrlPolicy::GetPICForPrivilegedInternalPage method in eModel.dll. The method calls several another methods to check...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.14 views

Insecure Cross-Domain Policy (allow-http-request-headers-from)

The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...

7.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.20 views

Insecure Cross-Domain Policy (allow-access-from)

The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...

7.1AI score
Exploits0References2
Rows per page
Query Builder