Lucene search
K

7001 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52039

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An inappropriate implementation in DeviceBoundSessionCredentials allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document ...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References6
CVE
CVE
added 2026/06/23 3:44 p.m.12 views

CVE-2026-54301

Summary: CVE-2026-54301 affects n8n prior to certain fixes. An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type, bypassing the central Content-Security-Policy sandbox header. This allowed a publ...

7CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 12:59 p.m.10 views

JLSEC-2026-613 Redirect credential leakage across scheme/port in HTTP.jl

Description Redirect handling decided whether to retain credential-bearing headers Authorization, Cookie, Proxy-Authorization, etc. by comparing only the hostname, ignoring scheme and port. As a result an https→http downgrade or a same-host/different-port redirect was treated as same-origin and...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

6.1CVSS6AI score0.00165EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:41 p.m.3 views

CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:41 p.m.7 views

CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.00165EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 4:36 a.m.7 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.8AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 4:5 a.m.5 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.8AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.5 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.8AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 2:35 a.m.4 views

firefox: Same-origin policy bypass in the Networking: HTTP component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...

9.3CVSS5.8AI score0.00194EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 2:35 a.m.4 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References19
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Firefox

tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...

6.1CVSS7AI score0.00395EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...

6.3CVSS6.6AI score0.00648EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

A violation of the same-origin policy could have allowed the theft of cross-origin URL entries, leading to the leakage of the results of a redirect, through the use of performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

8.1CVSS7.6AI score0.00414EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Bypass of the same-origin policy in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

6.5CVSS6.6AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Firefox

A malicious extension with the “search” permission could have installed a new search engine, and the favicon of this engine referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing it to bypass the same-origin policy—even though the...

6.5CVSS6.9AI score0.00436EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...

8.8CVSS6.9AI score0.00805EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while maintaining the visual properties of an HTTP connection. This means that the connection remains within the same origin as unencrypted connections on port 80. However, if a second...

6.5CVSS6.7AI score0.00805EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox

When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...

4.3CVSS6AI score0.00329EPSS
Exploits0References2
Rows per page
Query Builder