PT-2025-46359
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 145; Firefox ESR versions prior to 140.5. Description: A same-origin policy bypass exists in the DOM: Workers component. This allows for potential unauthorized access or manipulation of data due to insufficient...
firefox -- Use-after-free
https://bugzilla.mozilla.org/showbug.cgi?id=1995686 reports: Use-after-free in the WebRTC: Audio/Video component. Same-origin policy bypass in the DOM: Workers component. Mitigation bypass in the DOM: Security component. Same-origin policy bypass in the DOM: Notifications component. Incorrect...
PT-2025-46357
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 145; Firefox ESR versions prior to 140.5. Description: A same-origin policy bypass exists within the DOM Notifications component. This allows for potential unauthorized access or manipulation of data due to insufficient...
CVE-2025-63716
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...
EUVD-2025-38303
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
CVE-2025-63717
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
Lexmark Printers Denial of Service (CVE-2019-14816)
A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability can be exploited by an attacker on the same WiFi physical network segment to cause a system crash resulting in a denial of service or potentially execution of arbitrary code.
CVE-2025-63716
The CVE-2025-63716 entry concerns SourceCodester Leads Manager Tool v1.0, which is vulnerable to Cross-Site Request Forgery (CSRF). The root cause stated across sources is lack of CSRF protection mechanisms (no anti-CSRF tokens and no same-origin verification) on critical endpoints, enabling unau...
PT-2025-45479
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: The application lacks sufficient anti-CSRF protections, such as anti-CSRF tokens or same-site cookie restrictions. This allows attackers to potentially trick authenticated...
EUVD-2025-38317
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...
FreeBSD : Firefox -- Same-origin policy bypass (944d968c-b808-11f0-8016-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 944d968c-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout...
FreeBSD : Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component (0723a60e-b80a-11f0-8016-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0723a60e-b80a-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1979782 reports: Same-origin policy bypass in the Graphics:...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
Astra Linux – Vulnerability in Firefox, Thunderbird
Bypass of the same-origin policy in the Layout component. This vulnerability has been fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...