3 matches found
CVE-2026-34767
CVE-2026-34767 affects Electron before 38.8.6, 39.8.3, 40.8.3, and 41.0.3. It describes HTTP response header injection when apps register custom protocol handlers (protocol.handle / protocol.registerSchemesAsPrivileged) or modify headers via webRequest.onHeadersReceived if attacker-controlled inp...
CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
The vulnerability of the Firefox ESR browser allows a malicious actor to forge cross-site requests.
The vulnerability of Firefox ESR’s navigator.sendBeacon function, related to the processing of HTTP status codes 30x. Exploiting this vulnerability allows a malicious actor to bypass CORS access controls and forge cross-site requests by using a specially crafted website...