aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44201 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44201 Source advisory: OSV:PYSEC-2026-150...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44198 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44198 Source advisory: OSV:PYSEC-2026-147...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44200 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44200 Source advisory: OSV:GHSA-67RV-MG8Q-5PF3...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44201 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44201 Source advisory: OSV:GHSA-P5GM-92H4-6PV6...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...

SUSE CVE-2026-7945

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7945

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

In COOP mode in Google Chrome prior to version 98.0.4758.80, it was possible for a remote attacker to bypass the iframe sandbox through a crafted HTML page...

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

alertwise (=1.0.0), cjkcms-seo (=2.4.0) +19 more potentially affected by CVE-2026-28223 via wagtail (>=6.0.0 <=6.3.1)

wagtail PYPI version =6.0.0, =6.0.0, =2.1.0, =0.1.1, =1.9.0, =2.8.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.2.0 - wagtail-sb-codefield =0.4.0 and more Source cves: CVE-2026-28223 Source advisory: SNYK:PYTHON-WAGTAIL-15371182...

aratinga (=0.1.0a0.dev3), coop (=7.1.0) +5 more potentially affected by CVE-2026-28223 via wagtail (>=7.1.0 <=7.1.3)

wagtail PYPI version =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.1.0b0 Source cves: CVE-2026-28223 Source advisory: SNYK:PYTHON-WAGTAIL-15371182...

aratinga (=0.1.0a0.dev3), coop (=7.1.0) +5 more potentially affected by CVE-2026-28223 via wagtail (>=7.1.0 <=7.1.3)

wagtail PYPI version =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.1.0b0 Source cves: CVE-2026-28223 Source advisory: OSV:GHSA-P4V8-RW59-93CQ...

Origin Validation Error

pgadmin4 vulnerable to Origin Validation Error. The vulnerability is due to insufficient COOP header enforcement because of the application failing to set or correctly validate Cross-Origin-Opener-Policy on OAuth and related pages, and an attacker can abuse this by manipulating the OAuth flow...

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider , a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and...

aldryn-django (=5.0.10.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2024-56374 via django (>=5.0.0 <=5.0.10)

django PYPI version =5.0.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2024-56374 Source advisory: SNYK:PYTHON-DJANGO-8623541...

aldryn-django (=4.2.10.0), am-report (=0.1.5) +80 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...

aldryn-django (=4.2.10.0), am-report (=0.1.5) +80 more potentially affected by CVE-2024-38875 via django (>=4.2.0 <=4.2.13)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-38875 Source advisory: OSV:PYSEC-2024-56...

gyf20.coop Cross Site Scripting vulnerability OBB-3905630

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

rhoda-coop.com Cross Site Scripting vulnerability OBB-3838157

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

oldcastlecoop.ie Cross Site Scripting vulnerability OBB-3415121

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...