12 matches found

ATTACKERKB
added 2026/05/27 5:27 p.m., 8 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permissions to create room emotes, for example in a DM, can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

CVSS 7.1 | AI score 5.9 | EPSS 0.00302
Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2026/05/25 2:00 p.m., 8 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

CVSS 9.8 | AI score 6.8 | EPSS 0.08031
Exploits 1 | References 5 | Affected Software 1
OSV
added 2026/05/07 4:40 p.m., 2 views

GHSA-J944-W549-3453 Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact: A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes, for example in a DM, can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

CVSS 7.1 | AI score 5.9 | EPSS 0.00302
Exploits 0 | References 4
Veracode
added 2026/04/30 5:02 p.m., 5 views

Insertion Of Sensitive Information Into Sent Data

Axios is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to improper use of truthy/falsy evaluation for the withXSRFToken configuration instead of strict boolean checks, which allows an attacker to force XSRF tokens to be sent to malicious cross-origin...

CVSS 5.4 | AI score 5.8 | EPSS 0.00228
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2026/04/10 7:28 p.m., 7 views

PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

Summary: The AGUI endpoint POST /agui has no authentication and hardcodes Access-Control-Allow-Origin: on all responses. Combined with Starlette/FastAPI's Content-Type-agnostic JSON parsing, any website a victim visits can silently trigger arbitrary agent execution against a locally-running AGUI...

AI score 6.4
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2026/03/25 5:48 p.m., 5 views

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Summary: The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...

CVSS 8.8 | AI score 6 | EPSS 0.00172
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2026/03/02 11:16 a.m., 8 views

CVE-2025-58406 Lack of HTTP Response Headers

The CGM CLININET application responds without essential security HTTP headers, exposing users to client-side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross-origin isolation, and missing transport security controls...

CVSS 5.3 | AI score 5.9 | EPSS 0.00184
Exploits 0 | References 2
Tenable Nessus
added 2026/01/14 12:00 a.m., 9 views

TencentOS Server 3: webkit2gtk3 (TSSA-2025:1000)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1000 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8 | AI score 7.3 | EPSS 0.01289
Exploits 0 | References 16
NVD
added 2025/05/12 10:15 p.m., 8 views

CVE-2025-31205

The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin...

CVSS 6.5 | EPSS 0.0037
Exploits 0 | References 12
OSV
added 2022/11/17 8:45 p.m., 5 views

MGASA-2022-0427 Updated firefox packages fix security vulnerability

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations (CVE-2022-43680). Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for...

CVSS 9.8 | AI score 9.1 | EPSS 0.02241
Exploits 1 | References 5
OSV
added 2022/01/25 12:00 a.m., 0 views

UBUNTU-CVE-2022-22637

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior...

CVSS 8.8 | AI score 6.8 | EPSS 0.00615
Exploits 0 | References 4
OSV
added 2016/09/14 10:16 p.m., 4 views

USN-3058-1 oxide-qt vulnerabilities

An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5141) A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked into...

CVSS 9.8 | AI score 7 | EPSS 0.01699
Exploits 0 | References 17