Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

GHSA-5V8V-XVJV-57X7 Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

CVE-2026-26266

AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...

CVE-2025-58406

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...

CVE-2025-58406

Technical details about CVE-2025-58406 are not provided in the supplied documents. For CGM CLININET, specifics such as affected versions, root cause, and fixes are not disclosed here; monitor for updates.

EUVD-2025-208152

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...

MiracleLinux 7 : firefox-68.2.0-1.0.1.el7.AXS7 (AXSA:2019-4378:06)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4378:06 advisory. Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 Mozilla: Use-after-free when creating index updates in IndexedDB...

SUSE CVE-2018-5108

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106)

This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191031)

Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total Security CVE-2019-11758 - Mozilla: Stack buffer overfl...

CentOS 7 : thunderbird (CESA-2019:3210)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 7 : thunderbird (RHSA-2019:3210)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3210 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fixes: Mozilla:...

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

Mozilla Thunderbird Security Advisories (MFSA2019-32, MFSA2019-35) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...