Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf
CVE-2025-46721: CSRF...
SUSE CVE-2016-5196
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HT...
SUSE CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
CVE-2025-3071 concerns Google Chrome (Chromium project). The vulnerability is described as an inappropriate implementation in Navigations that allowed a remote attacker to bypass the same-origin policy when a user engaged specific UI gestures on a crafted HTML page, before version 135.0.7049.52. ...
PT-2025-14453 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 135.0.7049.52. Description: The issue is related to an inappropriate implementation in Navigations, allowing a remote attacker to bypass the same origin policy via a crafted HTML page if the user is convinced to...
PT-2025-23203
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.4; iOS versions prior to 18.4; iPadOS versions prior to 18.4; visionOS versions prior to 2.4; macOS Sequoia versions prior to 15.4. Description: The issue allows a website to bypass Same Origin Policy. This was addresse...
CVE-2024-8024
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...
CVE-2024-4023
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-8024
CVE-2024-8024: A misconfigured Cross-Origin Resource Sharing (CORS) policy in netease-youdao/qanything version 1.4.1 allows cross-origin requests to bypass the Same-Origin Policy, potentially exposing sensitive information. The root cause is improper CORS configuration; no specific exploit detai...