CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

NVD•added 2026/05/12 11:16 p.m.•6 views

CVE-2026-44548

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

8.1CVSS0.00017EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 10:33 p.m.•6 views

CVE-2026-44548

8.1CVSS5.7AI score0.00017EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/12 10:33 p.m.•8 views

EUVD-2026-29885

8.1CVSS5.7AI score0.00017EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в firefox

A nested iframe, which triggers cross-site navigation, may send cookies with the SameSite=Strict or Lax attribute. This vulnerability affects Firefox 128 and Thunderbird 128...

9.8CVSS7.2AI score0.0059EPSS

Exploits0References2

RedhatCVE•added 2025/11/01 2:20 p.m.•4 views

CVE-2025-48980

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...

6.5CVSS6.7AI score0.00046EPSS

Exploits0References1

EUVD•added 2025/10/31 12:30 a.m.•1 views

EUVD-2025-37235

6.5CVSS6.1AI score0.00046EPSS

Exploits0References2

NVD•added 2025/10/31 12:15 a.m.•1 views

CVE-2025-48980

6.5CVSS0.00046EPSS

Exploits0References1

Vulnrichment•added 2025/10/30 11:29 p.m.•3 views

CVE-2025-48980

6.5CVSS6.4AI score0.00046EPSS

Exploits0References1

Cvelist•added 2025/10/30 11:29 p.m.•3 views

CVE-2025-48980

6.5CVSS0.00046EPSS

Exploits0References1

CVE•added 2025/10/30 11:29 p.m.•11 views

CVE-2025-48980

Brave Browser Desktop (pre-1.83.10) with Split View enabled has a cookie handling flaw in the Open Link in Split View context menu: SameSite=Strict cookies could be sent during cross-site navigation. This is tied to Brave’s Split View behavior and affects confidentiality with cross-site requests....

6.5CVSS6.3AI score0.00046EPSS

Exploits0References1

Positive Technologies•added 2025/10/30 12:0 a.m.•2 views

PT-2025-44560

Name of the Vulnerable Software and Affected Versions Brave Browser versions prior to 1.83.10 Description The "Open Link in Split View" context menu item in Brave Browser Desktop did not correctly handle the SameSite cookie attribute when the split view feature was enabled. Specifically,...

6.5CVSS6.5AI score0.00046EPSS

Exploits0References6

Snyk•added 2025/10/14 12:31 a.m.•3 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the Menu Display Widget process. An attacker can access sensitive information by viewing content that should be restricted to authorized users. Remediation Upgrade...

6.5CVSS6.5AI score0.00043EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-4781

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00183EPSS

Exploits0References7

Microsoft CVE•added 2025/09/03 10:10 p.m.•2 views

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...

9.8CVSS9.2AI score0.0059EPSS

Exploits0

Hacker One•added 2025/07/15 1:33 p.m.•6 views

Brave Software: SameSite restrictions are lifted, and SameSite:Strict cookie are being sent.

A vulnerability was discovered where SameSite=Strict cookies were being sent during cross-site navigations, even though they should have been restricted under the SameSite policy. This was caused by the absence of the Sec-Fetch-Site: cross-site header, which is normally used to prevent such...

6.5CVSS8.9AI score0.0042EPSS

Exploits1

RedhatCVE•added 2025/05/23 10:2 a.m.•4 views

CVE-2024-6611