Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/06/16 11:53 a.m.28 views

CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

0.00096EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 11:53 a.m.24 views

CVE-2026-53899

CVE-2026-53899 affects Firefox for iOS. The issue arises from partial domain matching when attaching cookies to PDF requests, enabling a malicious site on a suffix domain to receive cookies belonging to the target site. The root cause is tied to how cookies were matched during PDF handling, leadi...

6.5CVSS5.3AI score0.00096EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/08 2:12 p.m.41 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 9:47 p.m.5 views

GHSA-HV36-P4W4-6VMJ AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload

Summary The objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting session.cookiesamesite = 'None' for HTTPS connections, an unauthenticated...

8.8CVSS6.2AI score0.00367EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-9899

Malware in sbrugna...

8.8CVSS9.2AI score0.01884EPSS
Exploits2References9
RedhatCVE
RedhatCVE
added 2025/05/23 6:53 a.m.10 views

CVE-2024-44212

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 2:15 a.m.4 views

CVE-2024-44212

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin...

5.3CVSS5.7AI score0.00256EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.3 views

PT-2024-31043 · Apple · Ipados +6

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.1 visionOS versions prior to 2.1 tvOS versions prior to 18.1 iOS versions prior to 18.1 iPadOS versions prior to 18.1 watchOS versions prior to 11.1 Description: A cookie management issue was addressed with improve...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.5 views

SUSE CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.1CVSS8.3AI score0.01406EPSS
Exploits0References4
OSV
OSV
added 2018/06/11 9:29 p.m.4 views

CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8CVSS7.2AI score0.01884EPSS
Exploits2References4
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.27 views

CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

7.9AI score0.01884EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.39 views

CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8CVSS8.9AI score0.01884EPSS
Exploits2
CVE
CVE
added 2018/06/11 9:0 p.m.366 views

CVE-2016-9078

CVE-2016-9078 affects Mozilla Firefox prior to the 50.0.2 update. The issue is a redirect from an HTTP connection to a data: URL that can cause the data: URL to inherit the referring site’s origin, enabling potential same-origin policy violations when loading resources from malicious sites. Cross...

8.8CVSS7.8AI score0.01884EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2016/11/30 12:0 a.m.3 views

UBUNTU-CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8CVSS7.2AI score0.01884EPSS
Exploits2References4
Rows per page
Query Builder