8307 matches found
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-3071
CVE-2025-3071 concerns Google Chrome (Chromium project). The vulnerability is described as an inappropriate implementation in Navigations that allowed a remote attacker to bypass the same-origin policy when a user engaged specific UI gestures on a crafted HTML page, before version 135.0.7049.52. ...
PT-2025-14453 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 135.0.7049.52 Description: The issue is related to an inappropriate implementation in Navigations, allowing a remote attacker to bypass the same origin policy via a crafted HTML page if the user is convinced to...
PT-2025-23203
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.4 iOS versions prior to 18.4 iPadOS versions prior to 18.4 visionOS versions prior to 2.4 macOS Sequoia versions prior to 15.4 Description: The issue allows a website to bypass Same Origin Policy. This was addresse...
narayana: deadlock via multiple join requests sent to LRA Coordinator
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...
CVE-2024-8024
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker with a user-level account can manipulate session cookies to hijack administrator sessions, leading to unauthorized actions and potential system compromise by embedding a...
Cross-site Request Forgery (CSRF)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the authentication process using cookies with the SameSite attribute set to lax. An attacker can execute arbitrary code with the victim's privileges by crafting a...
CVE-2024-8024
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-7806
A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
CVE-2024-4023
A stored cross-site scripting XSS vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...
CVE-2024-8024
CVE-2024-8024 : A misconfigured Cross-Origin Resource Sharing (CORS) policy in netease-youdao/qanything version 1.4.1 allows cross-origin requests to bypass the Same-Origin Policy, potentially exposing sensitive information. The root cause is improper CORS configuration; no specific exploit detai...
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...
CVE-2024-8024 CORS Misconfiguration in netease-youdao/qanything
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such securit...