8206 matches found
CVE-2026-7977
Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7969
CVE-2026-7969 is an integer overflow in the Chrome Network component prior to 148.0.7778.96. A remote attacker who has compromised the renderer could bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome (Desktop) prior to 148.0.7778.96. Impact details are limite...
CVE-2026-7969
Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7969
Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7969
Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7968
Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7968
Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7968
Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
PT-2026-38270
Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The Flight::jsonp function concatenates the jsonp query parameter directly into an application/javascript response body without validating if the value is a legal JavaScript identifier. This allows a...
GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers
Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...
CVE-2026-35397 jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...
GHSA-JW8G-5J46-44RP AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content
Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...
EUVD-2026-25607
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion...
GHSA-XX6V-RP6X-Q39C Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Vulnerability Disclosure: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion Summary The Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. Whe...
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Vulnerability Disclosure: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion Summary The Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. Whe...
PT-2026-38170
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An inappropriate implementation in Canvas allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from on...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google to provide web browsing, application running and internet communication features. Google Chrome suffers from an integer overflow vulnerability that stems from the Network component failing to properly handle certain data, which can be exploited b...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by improper handling of Canvas, which could allow remote attackers to bypass the same-origin policy through specially crafted HTML pages...