A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate l
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue co
A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curl
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thund
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 thro
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulat
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard * regardless of the caller's Or
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certifica
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product supports
old SSL/TLS versions, potentially allowing an attacker to decrypt
communications with t
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting.
This issue affects B2B: before 04.06.2025.
← Previous Page 5