
9 matches found

CNNVD
added 2026/03/04 12:0 a.m. | 1 views

darkreader security vulnerability

DarkReader is an open-source web dark mode browser extension developed by Dark Reader. Versions of DarkReader prior to 4.9.117 contained a security vulnerability, which was caused by improper cross-source style sheet handling. This vulnerability could allow access to style sheets on the local...

CVSS 3.4 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 1

Veracode
added 2026/01/21 11:23 a.m. | 2 views

Server-Side Request Forgery (SSRF)

SvelteKit is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of host and origin resolution during prerendered route processing, where crafted requests can trigger internal requests or cause excessive resource usage, leading to SSRF or service disrupti...

CVSS 9.1 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 2 | Affected Software 2

Apple
added 2025/12/12 12:0 a.m. | 2192 views

About the security content of Safari 26.2

About the security content of Safari 26.2. This document describes the security content of Safari 26.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 9.8 | AI score 8.6 | EPSS 0.00309
Exploits 14 | References 1 | Affected Software 1

Veracode
added 2025/02/05 1:29 a.m. | 11 views

Cross-Site Scripting (XSS)

Axios is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...

CVSS 9.8 | AI score 6.1 | EPSS 0.00088
Exploits 0 | References 5 | Affected Software 2

SUSE CVE
added 2023/02/15 5:1 a.m. | 2 views

SUSE CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

CVSS 5.3 | AI score 8.9 | EPSS 0.00653
Exploits 0 | References 7

RedHat Linux
added 2018/01/03 10:31 a.m. | 1 views

resteasy: Vary header not added by CORS filter leading to cache poisoning

It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...

CVSS 7.5 | AI score 5.8 | EPSS 0.01074
Exploits 0 | References 4

OSV
added 2016/07/23 12:0 a.m. | 0 views

UBUNTU-CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

CVSS 5.3 | AI score 6.8 | EPSS 0.00653
Exploits 0 | References 4

RedHat Linux
added 2011/04/04 8:1 p.m. | 2 views

glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN

ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPA...

CVSS 6.9 | AI score 6.2 | EPSS 0.12375
Exploits 20 | References 4

Cvelist
added 2010/10/05 5:0 p.m. | 20 views

CVE-2010-3730

Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue...

AI score 8.9 | EPSS 0.00513
Exploits 1 | References 3