Total
400 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6519 | 3 Avahi, Canonical, Redhat | 3 Avahi, Ubuntu Linux, Enterprise Linux | 2025-04-20 | N/A |
| avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. | ||||
| CVE-2016-8358 | 1 Smiths-medical | 1 Cadd-solis Medication Safety Software | 2025-04-20 | N/A |
| An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. | ||||
| CVE-2017-8793 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. | ||||
| CVE-2025-3651 | 2025-04-17 | N/A | ||
| Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33. | ||||
| CVE-2022-1747 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 4.6 Medium |
| The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization. | ||||
| CVE-2022-41961 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 4.3 Medium |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered users from the same extId. This issue has been fixed by improving permissions such that banning a user removes all users related to their extId, including registered users that have not joined the meeting. This issue is patched in versions 2.4-rc-6 and 2.5-alpha-1. There are no workarounds. | ||||
| CVE-2021-32985 | 1 Aveva | 1 System Platform | 2025-04-16 | 7.2 High |
| AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. | ||||
| CVE-2022-1520 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2025-04-16 | 4.3 Medium |
| When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9. | ||||
| CVE-2022-22757 | 1 Mozilla | 1 Firefox | 2025-04-16 | 6.5 Medium |
| Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97. | ||||
| CVE-2022-38472 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Enterprise Linux and 2 more | 2025-04-15 | 6.5 Medium |
| An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. | ||||
| CVE-2022-42927 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 8.1 High |
| A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. | ||||
| CVE-2022-29915 | 1 Mozilla | 1 Firefox | 2025-04-15 | 4.3 Medium |
| The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | ||||
| CVE-2014-1502 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | N/A |
| The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. | ||||
| CVE-2017-20146 | 1 Gorillatoolkit | 1 Handlers | 2025-04-11 | 9.8 Critical |
| Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy. | ||||
| CVE-2011-2856 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2014-1487 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-11 | 7.5 High |
| The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. | ||||
| CVE-2011-3956 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. | ||||
| CVE-2011-3056 | 3 Apple, Google, Opensuse | 4 Iphone Os, Safari, Chrome and 1 more | 2025-04-11 | N/A |
| Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | ||||
| CVE-2011-3072 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows. | ||||
| CVE-2011-3067 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | ||||