Lucene search
+L

540 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-52842

Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...

9.3CVSS0.00161EPSS
Exploits0References4
CVE
CVE
added 3 days ago13 views

CVE-2026-52842

Lightpanda (headless browser) prior to version 0.3.1 incorrectly searched for the character @ across the entire URL when computing origin, rather than only the authority component. This caused a URL like http://attacker.com/@victim.com/ to be fetched from attacker.com but treated as http://victim...

9.3CVSS6.1AI score0.00161EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-52842 Lightpanda:URL parser misidentifies page origin for URLs containing @ in the path - Same-Origin Policy bypass

Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...

9.3CVSS6.1AI score0.00161EPSS
Exploits0References6
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-15775

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-15768

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15768

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

0.00208EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-15768

CVE-2026-15768 affects Google Chrome’s HTML-in-Canvas: insufficient policy enforcement could allow a remote attacker to bypass the same-origin policy via a crafted HTML page. The issue is tied to Chrome prior to version 150.0.7871.125. A Chromium security advisory confirms this CVE among 15 fixes...

6.5CVSS6.1AI score0.00208EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/09 12:31 a.m.7 views

EUVD-2026-42453

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 11:16 p.m.8 views

CVE-2026-15124

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 11:16 p.m.2 views

DEBIAN-CVE-2026-15115

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

3.3CVSS6.1AI score0.00089EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56643

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient policy enforcement in the Passwords component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...

8.8CVSS6AI score0.0026EPSS
Exploits0References36
RedHat Linux
RedHat Linux
added 2026/07/07 6:39 a.m.4 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.9AI score0.00189EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40726

Insufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40607

Insufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00319EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.5CVSS6.2AI score0.00218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-13839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.5CVSS6.2AI score0.00218EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14105

Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

9.6CVSS0.00167EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14079

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-14046

Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-14046

Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References1
Rows per page
Query Builder