Lucene search
K

169 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40762

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00216EPSS
Exploits0References3
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added last week22 views

CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

0.00216EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week5 views

CVE-2026-14075

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00216EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54350

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement allows a remote attacker to bypass the no-referrer policy, which is a security mechanism that prevents the browser from sending the referrer heade...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

When processing a redirect that conflicts with a Referrer-Policy, Firefox would adopt the Referrer-Policy of the redirect. This could potentially result in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox...

6.5CVSS6.9AI score0.01007EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 11:8 p.m.7 views

GHSA-W7W5-5GCP-38RW nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score0.00031EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/08 11:8 p.m.14 views

nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

5.5AI score0.00031EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47583

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47620

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.0 Description Response paths in internal/web/ and internal/api/ do not implement standard browser-security headers. The absence of X-Frame-Options: DENY or frame-ancestors 'none' in the Content-Security-Policy...

7.1CVSS5.9AI score0.00031EPSS
Exploits0References6
OSV
OSV
added 2026/05/05 10:20 p.m.4 views

GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

4.3CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 10:20 p.m.7 views

ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/13 8:2 p.m.1 views

GHSA-CWXJ-RR6W-M6W7 Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

7.5CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.23 views

Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 7:50 p.m.6 views

Gogs: Access tokens get exposed through URL params in API requests

Summary The Gogs API still accepts tokens in URL parameters such as token and accesstoken, which can leak through logs, browser history, and referrers. Details A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

6.9CVSS5.9AI score0.00254EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/12/15 2:44 p.m.4 views

EUVD-2025-203381

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/15 2:44 p.m.26 views

CVE-2025-34412

...

0.00075EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51235

Name of the Vulnerable Software and Affected Versions Convercent Whistleblowing Platform versions affected versions not specified Description The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.6 views

CVE-2025-34413

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

7.1CVSS6.7AI score0.00374EPSS
Exploits0References1
Rows per page
Query Builder