4 matches found
PT-2025-47301
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A Cross-Site Request Forgery CSRF issue exists in multiple WSO2 products. This is due to the use of the HTTP GET method for state-changing operations within admin services, specifically...
Important: firefox
Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an...
CVE-2024-7806
A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
Improper Input Validation
chromium is vulnerable to improper input validation. The vulnerability exists due to lack of validation of ancestor frames site when sending lax cookies in navigation in Google Chrome, allowing a malicious user to bypass SameSite cookie policy via a crafted HTML page...