Lucene search

5 matches found

OSV
added 2026/02/03 8:59 p.m., 2 views

GHSA-VM6G-8R4H-22X8 Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)

Summary: A typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. Impact: An attacker can bypass Qwik City’s Origin-based CSRF protections and perform forged form submissions, potentially causing unauthorized state changes...

5.9 CVSS, 5.4 AI score, 0.00008 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-6487

Summary: A typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. Impact: An attacker can bypass Qwik City’s Origin-based CSRF protections and perform forged form submissions, potentially causing unauthorized state changes...

5.9 CVSS, 5.5 AI score
Exploits: 0, References: 4
OSV
added 2023/06/02 5:15 p.m., 1 views

CVE-2023-23600

Per-origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This led to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...

6.5 CVSS, 7 AI score
Exploits: 0, References: 2
ATTACKERKB
added 2018/09/28 8:29 p.m., 1 views

CVE-2018-9078

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

8.8 CVSS, 5.8 AI score, 0.00446 EPSS
Exploits: 0, References: 2, Affected Software: 3
Tenable Nessus
added 2013/03/15 12:0 a.m., 43 views

Mac OS X : Apple Safari < 6.0.3 Multiple Vulnerabilities

The version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.3. It is, therefore, potentially affected by several issues : - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code...

7.5 CVSS, 8.5 AI score, 0.01383 EPSS
Exploits: 0, References: 20