8700 matches found
CVE-2026-56743
Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...
CVE-2026-52842
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...
CVE-2026-52842
Lightpanda (headless browser) prior to version 0.3.1 incorrectly searched for the character @ across the entire URL when computing origin, rather than only the authority component. This caused a URL like http://attacker.com/@victim.com/ to be fetched from attacker.com but treated as http://victim...
CVE-2026-52842 Lightpanda:URL parser misidentifies page origin for URLs containing @ in the path - Same-Origin Policy bypass
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...
CVE-2026-60087 PraisonAI before 1.6.78 Tool Approval Cache Bypass
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...
CVE-2026-42936
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2026-42936
The CVE-2026-42936 entry concerns the HYPER SBI 2 installer, which insecurely loads Dynamic Link Libraries. A local attacker can place a crafted DLL in the installer’s directory, enabling arbitrary code execution with the invoking user’s privileges during installation. The documented impact is hi...
EUVD-2026-44591
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
EUVD-2026-44576
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...
CVE-2026-15775
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15768
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15775
CVE-2026-15775 affects Google Chrome's V8 under a pre-150.0.7871.125 build. The issue is an inappropriate implementation that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact is described as high in Chromium notes, with exploitation requiring user interac...
CVE-2026-15775
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15768
CVE-2026-15768 affects Google Chrome’s HTML-in-Canvas: insufficient policy enforcement could allow a remote attacker to bypass the same-origin policy via a crafted HTML page. The issue is tied to Chrome prior to version 150.0.7871.125. A Chromium security advisory confirms this CVE among 15 fixes...
CVE-2026-15768
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...