4205 matches found

Vulnrichment
added 2025/05/27 8:43 p.m. · 6 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.9 · EPSS 0.00128
Exploits 0 · References 2

Debian CVE
added 2025/05/27 8:43 p.m. · 7 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 · AI score 5.6 · EPSS 0.00128
Exploits 0

OSSF Malicious Packages
added 2025/05/27 5:39 a.m. · 2 views

Malicious code in web3-transaction-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63a3a91b39e7804776f460e61b29fcfbece7076ea6eec3c53e51ea02270b353f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1

FreeBSD
added 2025/05/27 12:0 a.m. · 12 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 11 security fixes: 411573532 High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18 417169470 High CVE-2025-5280: Out of bounds write in V8. Reported by pwn2car on 2025-05-12 40058068 Medium CVE-2025-5064: Inappropriate...

CVSS 8.8 · AI score 6.6 · EPSS 0.00641
Exploits 0 · References 1

Positive Technologies
added 2025/05/27 12:0 a.m. · 2 views

PT-2025-23028 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 137.0.7151.55 Description: The issue is related to an inappropriate implementation in the Background Fetch API, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could potential...

CVSS 8.8 · AI score 5.5 · EPSS 0.00641
Exploits 0 · References 38

RedhatCVE
added 2025/05/23 10:20 a.m. · 6 views

CVE-2024-38372

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include portion of memory from the Node.js process. This has been patched in v6.19.2...

CVSS 2 · AI score 6.8 · EPSS 0.00355
Exploits 0

RedhatCVE
added 2025/05/23 9:41 a.m. · 4 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

CVSS 9.8 · AI score 6 · EPSS 0.00229
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 9:17 a.m. · 3 views

CVE-2024-30619

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=getcountmessage" AND "/main/inc/ajax/online.ajax.php?a=getusersonline."...

CVSS 7.5 · AI score 7 · EPSS 0.00212
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:22 a.m. · 3 views

CVE-2024-1215

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetchdata.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...

CVSS 6.1 · AI score 5.7 · EPSS 0.00169
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 7:39 a.m. · 6 views

CVE-2024-31303

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets. This issue affects Sign-up Sheets: from n/a through = 2.2.11.1...

CVSS 4.3 · AI score 7.2 · EPSS 0.00073
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:5 a.m. · 4 views

CVE-2024-11616

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both...

CVSS 5.6 · AI score 7.2 · EPSS 0.00423
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:41 a.m. · 4 views

CVE-2023-39165

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin = 2.2.8 versions...

CVSS 8.8 · AI score 7.1 · EPSS 0.00106
Exploits 0

RedhatCVE
added 2025/05/23 3:1 a.m. · 2 views

CVE-2023-1750

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information...

CVSS 7.1 · AI score 6.8 · EPSS 0.00197
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 12:29 a.m. · 7 views

CVE-2022-48357

Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel...

CVSS 7.5 · AI score 6.8 · EPSS 0.00191
Exploits 0

RedhatCVE
added 2025/05/22 11:14 p.m. · 2 views

CVE-2022-38770

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch other users' data upon a successful login request...

CVSS 5.3 · AI score 5.6 · EPSS 0.00176
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:25 p.m. · 8 views

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

CVSS 7.5 · AI score 6.8 · EPSS 0.86413
Exploits 8 · References 1

RedhatCVE
added 2025/05/22 5:43 p.m. · 7 views

CVE-2020-14160

An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...

CVSS 7.5 · AI score 6.7 · EPSS 0.00526
Exploits 0

RedhatCVE
added 2025/05/22 4:47 p.m. · 11 views

CVE-2020-7243

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. In some cases, authentication can be achieved with the comtech password for the comtech account...

CVSS 9 · AI score 8.1 · EPSS 0.05834
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:31 p.m. · 5 views

CVE-2020-23878

pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch...

CVSS 9.8 · AI score 7.8 · EPSS 0.00459
Exploits 1

RedhatCVE
added 2025/05/22 3:53 p.m. · 3 views

CVE-2020-19464

An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

CVSS 5.5 · AI score 7.1 · EPSS 0.00161
Exploits 1