Lucene search

281 matches found

Cvelist
added 2025/05/27 8:43 p.m. · 12 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00128 EPSS
Exploits 0 · References 2
Debian CVE
added 2025/05/27 8:43 p.m. · 7 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS · 5.6 AI score · 0.00128 EPSS
Exploits 0
FreeBSD
added 2025/05/27 12:0 a.m. · 10 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 11 security fixes: 411573532 High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18 417169470 High CVE-2025-5280: Out of bounds write in V8. Reported by pwn2car on 2025-05-12 40058068 Medium CVE-2025-5064: Inappropriate...

8.8 CVSS · 6.6 AI score · 0.00641 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/05/27 12:0 a.m. · 1 views

PT-2025-23028 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 137.0.7151.55 Description: The issue is related to an inappropriate implementation in the Background Fetch API, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could potential...

8.8 CVSS · 5.5 AI score · 0.00641 EPSS
Exploits 0 · References 38
RedhatCVE
added 2025/05/23 9:41 a.m. · 3 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

9.8 CVSS · 6 AI score · 0.00229 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-8515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1,...

6.5 CVSS · 6.2 AI score · 0.00478 EPSS
Exploits 0 · References 3
OSV
added 2025/01/06 10:27 p.m. · 6 views

GHSA-F27P-CMV8-XHM6 fetch: Authorization headers not dropped when redirecting cross-origin

Summary When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno's fetch redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. Details...

7.5 CVSS · 7.4 AI score · 0.00263 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/01/06 12:0 a.m. · 1 views

PT-2025-4305 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.1.2 Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When a request with the Authorization header is sent to one domain and the response asks to redirect to a different...

7.5 CVSS · 7.1 AI score · 0.00263 EPSS
Exploits 0 · References 9
Packet Storm
added 2024/08/26 12:0 a.m. · 203 views

School Log Management System 1.0 SQL Injection / Code Execution

Title: School Log Management System 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...

7.4 AI score
Exploits 0
Packet Storm
added 2024/08/26 12:0 a.m. · 301 views

Simple College Website 1.0 SQL Injection / Code Execution

Title: Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla...

7.4 AI score
Exploits 0
Packet Storm
added 2024/08/20 12:0 a.m. · 286 views

Hospital Management System 1.0 Code Injection

Title: Hospital Management System 1.0 WYSIWYG code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla...

7.4 AI score
Exploits 0
OSV
added 2024/07/05 8:7 p.m. · 13 views

GHSA-P9CG-VQCC-GRCX Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

7.2 CVSS · 7.1 AI score · 0.00078 EPSS
Exploits 0 · References 6
SUSE CVE
added 2024/02/29 3:37 a.m. · 1 views

SUSE CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

9.8 CVSS · 8.3 AI score · 0.00229 EPSS
Exploits 1 · References 4
wpexploit
added 2024/02/28 12:0 a.m. · 141 views

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

6.7 AI score · 0.00182 EPSS
Exploits 2
OSV
added 2024/02/22 6:25 p.m. · 27 views

GHSA-FMG4-X8PW-HJHG Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "*" while also having the Access-Control-Allow-Credentials set to true...

9.4 CVSS · 9.4 AI score · 0.00485 EPSS
Exploits 1 · References 10
Veracode
added 2024/02/22 4:16 a.m. · 21 views

Cache Poisoning

Firefox is vulnerable to Cache Poisoning. The vulnerability is due to incorrect sharing of cache between the fetch API and navigation, as the cache key does not include optional headers that fetch may contain. An attacker could potentially poison the local browser cache by priming it wi...

9.8 CVSS · 6.4 AI score · 0.00229 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2024/02/20 2:15 p.m. · 20 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

9.8 CVSS · 5.5 AI score · 0.00229 EPSS
Exploits 1 · References 2
Prion
added 2024/02/20 2:15 p.m. · 19 views

Design/Logic Flaw

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

6.3 AI score · 0.00229 EPSS
Exploits 1 · References 2
Cvelist
added 2024/02/20 1:21 p.m. · 24 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

5.8 AI score · 0.00229 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/02/20 1:21 p.m. · 16 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

5.9 AI score · 0.00229 EPSS
Exploits 1 · References 2