CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

Chrome Universal XSS using plugin objects (CVE-2015-6772)

VULNERABILITY DETAILS This is a regression from issue 524120. Now that the widget updates are deferred until after the frame is detached from the document and beyond the lifetime of ScriptForbiddenScope, too, it is possible to attach another document to the frame before a new document is installe...