10 matches found
CVE-2026-34226
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...
CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...
CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...
CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...
CVE-2026-34226
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...
PT-2026-28614
Name of the Vulnerable Software and Affected Versions Happy DOM versions prior to 20.8.9 Description Happy DOM, a JavaScript implementation of a web browser without a graphical user interface, has an issue where it may attach cookies from the current page origin instead of the request target URL...
CVE-2026-32401
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.9...
CVE-2026-32401
The CVE-2026-32401 entry concerns the WordPress plugin WordPress Client Invoicing by Sprout Invoices (Sprout Invoices) affecting versions up to 20.8.9. It is caused by an improper control of the filename used in PHP include/require statements, leading to PHP Local File Inclusion (LFI). The vulner...
CVE-2026-32401 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.9...
WordPress plugin Client Invoicing by Sprout Invoices 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...