8307 matches found

Filippo.io
added 2025/08/13 3:50 p.m. | 6 views

Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) is a confused deputy attack where the attacker causes the browser to send a request to a target using the ambient authority of the user’s cookies or network position. For example, attacker.example can serve the following HTML to a victim and the browser will send ...

AI score: 6.5
Exploits: 0
RedHat Linux
added 2025/08/13 2:49 a.m. | 1 view

kernel: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list. child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.00014
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/11 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00671
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/06 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2011-1187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an error message leak...

CVSS: 5 | AI score: 8.3 | EPSS: 0.00891
Exploits: 1 | References: 2
SUSE CVE
added 2025/07/28 11:35 p.m. | 2 views

SUSE CVE-2024-37151

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When usin...

CVSS: 7.5 | AI score: 7 | EPSS: 0.005
Exploits: 0 | References: 2
OSV
added 2025/07/25 1:15 a.m. | 1 view

CVE-2025-0251

HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks...

CVSS: 5.7 | AI score: 5.8
Exploits: 0 | References: 1
OSV
added 2025/07/24 3:15 p.m. | 2 views

CVE-2025-36005

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00074
Exploits: 0 | References: 1
Snyk
added 2025/07/16 12:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by tricking the user into visiting a crafted URL. Details: Cross-site scripting or XSS is a code...

CVSS: 7.3 | AI score: 5.5 | EPSS: 0.00153
Exploits: 0 | References: 2
RedHat Linux
added 2025/07/07 2:28 a.m. | 1 view

webkitgtk: Same Origin Policy bypass issue

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00012
Exploits: 0 | References: 5
RedHat Linux
added 2025/07/07 2:28 a.m. | 1 view

webkitgtk: Same Origin Policy bypass via crafted web content

A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the Same Origin Policy...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.0001
Exploits: 0 | References: 5
RedHat Linux
added 2025/07/07 2:28 a.m. | 2 views

webkitgtk: bypass Same Origin Policy

A flaw was found in WebKitGTK. This flaw exists due to an error when handling the Same Origin Policy. A remote attacker can bypass Same Origin Policy restrictions...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00567
Exploits: 0 | References: 5
RedhatCVE
added 2025/07/06 7:25 a.m. | 6 views

CVE-2025-53600

Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00123
Exploits: 0 | References: 1
NVD
added 2025/07/04 8:15 a.m. | 4 views

CVE-2025-53600

Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS: 7.5 | EPSS: 0.00123
Exploits: 0 | References: 1
OSV
added 2025/07/04 8:15 a.m. | 3 views

CVE-2025-53600

Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00123
Exploits: 0 | References: 1
Vulnrichment
added 2025/07/04 7:20 a.m. | 4 views

CVE-2025-53600

Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

AI score: 7.1 | EPSS: 0.00123
Exploits: 0 | References: 1
CVE
added 2025/07/04 7:20 a.m. | 15 views

CVE-2025-53600

CVE-2025-53600 affects Whale Browser prior to version 4.32.315.22. The vulnerability allows bypassing the Same-Origin Policy in a dual-tab environment, potentially enabling cross-origin data access/manipulation. Affected component is the browser’s tab/origin sandboxing behavior as described in mu...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00123
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/07/04 7:20 a.m. | 8 views

CVE-2025-53600

Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

EPSS: 0.00123
Exploits: 0 | References: 1
CNNVD
added 2025/07/04 12:00 a.m. | 3 views

Naver Whale Browser security vulnerability

Naver Whale Browser is a web browser from Naver, a South Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.32.315.22, which stems from a possible bypass of the same-origin policy in a two-tab environment...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00123
Exploits: 0 | References: 1
Positive Technologies
added 2025/07/04 12:00 a.m. | 4 views

PT-2025-27864 · Unknown · Whale Browser

Name of the Vulnerable Software and Affected Versions: Whale browser versions prior to 4.32.315.22. Description: The issue allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. This means that an attacker could potentially access or manipulate data from another origin, whi...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00123
Exploits: 0 | References: 5
CNNVD
added 2025/07/03 12:00 a.m. | 1 view

Endress+Hauser MEAC300-FNADE4 security vulnerability

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the reuse of the same credentials across multiple services and different scopes within the sam...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00337
Exploits: 0 | References: 6