Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.7 views

PT-2025-47301

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A Cross-Site Request Forgery CSRF issue exists in multiple WSO2 products. This is due to the use of the HTTP GET method for state-changing operations within admin services, specifically...

8.8CVSS6.2AI score0.00195EPSS
Exploits0References6
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: firefox

Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an...

8.1CVSS9.9AI score0.00644EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/03/22 12:36 p.m.12 views

CVE-2024-7806

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

8.8CVSS8.6AI score0.00444EPSS
Exploits2References1
Veracode
Veracode
added 2020/12/06 4:44 a.m.28 views

Improper Input Validation

chromium is vulnerable to improper input validation. The vulnerability exists due to lack of validation of ancestor frames site when sending lax cookies in navigation in Google Chrome, allowing a malicious user to bypass SameSite cookie policy via a crafted HTML page...

6.5CVSS2.6AI score0.0255EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder