540 matches found
CVE-2026-52842
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...
CVE-2026-52842
Lightpanda (headless browser) prior to version 0.3.1 incorrectly searched for the character @ across the entire URL when computing origin, rather than only the authority component. This caused a URL like http://attacker.com/@victim.com/ to be fetched from attacker.com but treated as http://victim...
CVE-2026-52842 Lightpanda:URL parser misidentifies page origin for URLs containing @ in the path - Same-Origin Policy bypass
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...
DEBIAN-CVE-2026-15775
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15768
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15768
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15768
CVE-2026-15768 affects Google Chrome’s HTML-in-Canvas: insufficient policy enforcement could allow a remote attacker to bypass the same-origin policy via a crafted HTML page. The issue is tied to Chrome prior to version 150.0.7871.125. A Chromium security advisory confirms this CVE among 15 fixes...
EUVD-2026-42453
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15124
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-15115
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
PT-2026-56643
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient policy enforcement in the Passwords component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...
firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...
EUVD-2026-40726
Insufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40607
Insufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-13838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-13839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2026-14105
Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14079
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14046
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14046
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...