6865 matches found
CVE-2025-53600
Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...
CVE-2025-53600
CVE-2025-53600 affects Whale Browser prior to version 4.32.315.22. The vulnerability allows bypassing the Same-Origin Policy in a dual-tab environment, potentially enabling cross-origin data access/manipulation. Affected component is the browser’s tab/origin sandboxing behavior as described in mu...
Naver Whale Browser security vulnerability
Naver Whale Browser is a web browser from Naver, a South Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.32.315.22, which stems from a possible bypass of the same-origin policy in a two-tab environment...
PT-2025-27864 · Unknown · Whale Browser
Name of the Vulnerable Software and Affected Versions: Whale browser versions prior to 4.32.315.22. Description: The issue allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. This means that an attacker could potentially access or manipulate data from another origin, whi...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass the same-origin policy through a crafted HTML page. Chromium security severity: Low...
webpack-dev-server users' source code may be stolen when they access a malicious web site
Summary: Source code may be stolen when you access a malicious web site. Details: Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...
CVE-2025-30359
Webpack-dev-server CVE-2025-30359 affects the development server used to serve webpack bundles. Before version 5.2.1, an attacker could steal a user’s source code via a malicious site by injecting a script and abusing prototype pollution; exploitation could reveal code through __webpack_modules__ via...
DNS rebinding attacks explained: The lookup is coming from inside the house!
My colleague Kevin Stubbings mentioned the topic of DNS rebinding attacks in a previous blog post. No worries if you haven't read it yet though--in this article, we'll walk you through the concept of DNS rebinding from scratch, demystify how it works, and explore why it's a serious browser-based...
CVE-2025-30466
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy...
CVE-2025-30466
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy...
CVE-2025-30466
CVE-2025-30466 concerns a bypass of the Same Origin Policy in Apple web/OS components. The issue is addressed through improved state management and is fixed in Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, and macOS Sequoia 15.4. The CVE entry lists network as the attack vector, with no user ...
Apple iOS and Apple iPadOS security vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS versions prior to 18.4, which originates from a website that...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
CVE-2024-23633
Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious...
CVE-2023-49803
@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...