1279 matches found
CVE-2026-0102
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata...
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata...
Microsoft Edge 安全漏洞
Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a security vulnerability in Microsoft Edge, where malicious websites may trigger automatic filling, potentially leading to the leakage of stored automatic filling data...
PT-2026-20271
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of...
CVE-2011-0217
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields...
CVE-2025-65203
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...
CVE-2025-65203
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...
PT-2025-51850
Name of the Vulnerable Software and Affected Versions KeePassXC-Browser versions through 1.9.9.2 Description The software autofills or prompts users to fill stored credentials into documents rendered under a browser-enforced Content Security Policy CSP directive and iframe attribute sandbox. This...
CVE-2025-65203
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...
CVE-2025-65203
CVE-2025-65203 affects KeePassXC-Browser up to version 1.9.9.2. The vulnerability arises when autofilled credentials in sandboxed documents under browser CSP and iframe sandbox allow attacker-controlled scripts in the sandbox to access populated form fields and exfiltrate credentials. Public advi...
ROS-20251216-7367
A vulnerability in the Autofill component of Google Chrome and Microsoft Edge browsers is related to errors in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
Privacy Practices of Browser Agents
This paper presents a systematic evaluation of the privacy behaviors and attributes of eight recent, popular browser agents. Browser agents are software that automate Web browsing using large language models and ancillary tooling. However, the automated capabilities that make browser agents...
Fedora 43 : cef (2025-604e02ca72)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-604e02ca72 advisory. Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High...
ROS-20251202-06
A vulnerability in the Autofill component of the Google Chrome browser is related to presentation errors in the user interface user interface. Exploitation of the vulnerability could allow an attacker acting remotely, spoof the user interface using a specially crafted HTML page...
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
Attackers have a new trick to steal your username and password: fake browser pop-ups that look exactly like real sign-in windows. These “Browser-in-the-Browser” attacks can fool almost anyone, but a password manager and a few simple habits can keep you safe. Phishing attacks continue to evolve, a...
CVE-2024-7021
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-7021
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-7021
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-7021
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-7021
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...