
6854 matches found

OSV
added 2026/02/24 2:16 p.m., 3 views

CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 5
OSV
added 2026/02/24 2:16 p.m., 5 views

UBUNTU-CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS: 9.8, AI score: 8.2, EPSS: 0.00201
Exploits: 0, References: 9
UbuntuCve
added 2026/02/24 2:16 p.m., 2 views

CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00201
Exploits: 0, References: 8
Debian CVE
added 2026/02/24 1:33 p.m., 4 views

CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS: 9.8, AI score: 5.2, EPSS: 0.00201
Exploits: 0
Cvelist
added 2026/02/24 1:33 p.m., 18 views

CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

EPSS: 0.00201
Exploits: 0, References: 5
Vulnrichment
added 2026/02/24 1:33 p.m., 2 views

CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

AI score: 5.8, EPSS: 0.00201
Exploits: 0, References: 5
CVE
added 2026/02/24 1:33 p.m., 16 views

CVE-2026-2790

CVE-2026-2790 describes a same-origin policy bypass in the Firefox Networking: JAR component. Affected products are Firefox versions older than 148 and Firefox ESR older than 140.8. The root cause and exact exploitation details are not elaborated in the provided documents beyond the policy bypass...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00201
Exploits: 0, References: 5, Affected Software: 2
ATTACKERKB
added 2026/02/24 1:33 p.m., 3 views

CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00201
Exploits: 0, References: 6
EUVD
added 2026/02/24 1:33 p.m., 3 views

EUVD-2026-8443

Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox 148 and Firefox ESR 140.8...

AI score: 5.3, EPSS: 0.00201
Exploits: 0, References: 3
AlpineLinux
added 2026/02/24 1:33 p.m., 4 views

CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00201
Exploits: 0, References: 5
CVE
added 2026/02/23 8:44 p.m., 13 views

CVE-2025-68930

Traccar open-source GPS tracking system versions up to 6.11.1 are affected by a Cross-Site WebSocket Hijacking (CSWSH) in the /api/socket endpoint. The vulnerability arises from the application not validating the Origin header during the WebSocket handshake, allowing an attacker to bypass Same-Or...

CVSS: 7.1, AI score: 5.5, EPSS: 0.00541
Exploits: 4, References: 1, Affected Software: 1
Positive Technologies
added 2026/02/23 12:0 a.m., 7 views

PT-2026-21550

Name of the Vulnerable Software and Affected Versions: Traccar versions up to and including 6.11.1. Description: The Traccar GPS tracking system is susceptible to a Cross-Site WebSocket Hijacking (CSWSH) issue. The application does not properly validate the Origin header during the WebSocket handshake...

CVSS: 7.1, AI score: 5.2, EPSS: 0.00541
Exploits: 4, References: 8
Positive Technologies
added 2026/02/10 12:0 a.m., 1 views

PT-2026-31534

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: A flaw exists in Google Chrome's handling of WebSockets due to insufficient validation of untrusted input. A remote attacker who has compromised the renderer process can bypass the same...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00608
Exploits: 0, References: 67
OSV
added 2026/02/06 3:54 p.m., 14 views

OESA-2026-1285 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. (CVE-2025-14321) Sandbox escape due to incorrect boundary conditions in...

CVSS: 9.8, AI score: 6.4, EPSS: 0.0055
Exploits: 2, References: 23
RedhatCVE
added 2026/02/05 7:23 p.m., 4 views

CVE-2026-25051

n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to...

CVSS: 8.5, AI score: 5.5, EPSS: 0.00224
Exploits: 0, References: 1
Github Security Blog
added 2026/02/04 6:15 p.m., 7 views

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Impact: A Cross-site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...

CVSS: 8.5, AI score: 5.5, EPSS: 0.00224
Exploits: 0, References: 5, Affected Software: 1
ATTACKERKB
added 2026/02/04 4:46 p.m., 4 views

CVE-2026-25051

n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to...

CVSS: 8.5, AI score: 5.5, EPSS: 0.00224
Exploits: 0, References: 4, Affected Software: 1
Packet Storm
added 2026/02/02 12:0 a.m., 137 views

Mailpit 1.28.1 Cross Site WebSocket Hijacking

A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking (CSWSH) Advisory ID:...

CVSS: 6.5, AI score: 5.1, EPSS: 0.00208
Exploits: 2
OSV
added 2026/01/30 12:28 p.m., 8 views

OESA-2026-1264 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. (CVE-2025-14321) Sandbox escape due to incorrect boundary conditions in...

CVSS: 9.8, AI score: 6, EPSS: 0.0055
Exploits: 2, References: 24
OSV
added 2026/01/29 9:53 p.m., 5 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVSS: 8.3, AI score: 6.1, EPSS: 0.00559
Exploits: 0, References: 4