Lucene search
K

5 matches found

OSV
OSV
added 2026/05/06 4:58 p.m.18 views

GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

8.8CVSS5.8AI score0.00312EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/26 9:53 p.m.4 views

Information Exposure

Overview @apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Information Exposure in the request handling process. An attacker can infer...

6.3CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2025/11/26 10:18 p.m.9 views

CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7CVSS6.6AI score0.00572EPSS
Exploits0References9
OSV
OSV
added 2024/06/29 12:15 a.m.3 views

UBUNTU-CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS5.8AI score0.00428EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.4 views

SUSE CVE-2015-6759

The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...

5CVSS8.8AI score0.01415EPSS
Exploits0References3
Rows per page
Query Builder