Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-3985
Mozilla Firefox prior to 16.0, Thunderbird prior to 16.0, and SeaMonkey prior to 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domai...
Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 11
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Server 10
NA
CVE-2023-47200
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local malicious user to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy...
Trendmicro Apex One 2019
Trendmicro Apex One
NA
CVE-2023-47201
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local malicious user to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy...
Trendmicro Apex One 2019
Trendmicro Apex One
6.9
CVSSv2
CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) up to and including 2.11.2, and 2.12.x up to and including 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic...
Gnu Glibc 2.2.2
Gnu Glibc 2.9
Gnu Glibc 2.7
Gnu Glibc 2.1.2
Gnu Glibc 2.11
Gnu Glibc 2.0.5
Gnu Glibc 2.2.5
Gnu Glibc 2.0.6
Gnu Glibc 2.10.1
Gnu Glibc 1.00
Gnu Glibc 1.06
Gnu Glibc 2.1.1
Gnu Glibc 1.02
Gnu Glibc 2.0.3
Gnu Glibc 1.07
Gnu Glibc 2.3.1
Gnu Glibc 2.3
Gnu Glibc 2.12.0
Gnu Glibc 2.0
Gnu Glibc 2.1.1.6
Gnu Glibc 1.04
Gnu Glibc 1.01
4 EDB exploits
1 Github repository
4.3
CVSSv2
CVE-2021-45229
It exists that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Apache Airflow
5.8
CVSSv2
CVE-2013-0794
Mozilla Firefox prior to 20.0 and SeaMonkey prior to 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote malicious users to conduct phishing attacks via a crafted web site.
Mozilla Firefox 19.0
Mozilla Firefox 19.0.1
Mozilla Firefox
Mozilla Seamonkey 2.0.10
Mozilla Seamonkey 2.13.1
Mozilla Seamonkey 2.5
Mozilla Seamonkey 2.9
Mozilla Seamonkey 2.2
Mozilla Seamonkey 2.6
Mozilla Seamonkey 2.15
Mozilla Seamonkey 2.0.13
Mozilla Seamonkey 2.8
Mozilla Seamonkey 2.12.1
Mozilla Seamonkey 2.7
Mozilla Seamonkey 2.13.2
Mozilla Seamonkey 2.14
Mozilla Seamonkey 2.12
Mozilla Seamonkey 2.4
Mozilla Seamonkey 2.0.4
Mozilla Seamonkey 2.10
Mozilla Seamonkey 2.1
Mozilla Seamonkey 2.11
6.8
CVSSv2
CVE-2016-1949
Mozilla Firefox prior to 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote malicious users to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated ...
Mozilla Firefox
5
CVSSv2
CVE-2015-7207
Mozilla Firefox prior to 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and perform...
Mozilla Firefox
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Fedoraproject Fedora 22
Fedoraproject Fedora 23
5
CVSSv2
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox prior to 43.0 allows remote malicious users to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to ...
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mozilla Firefox
4.3
CVSSv2
CVE-2017-2371
An issue exists in certain Apple products. iOS prior to 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote malicious users to launch popups via a crafted web site.
Apple Iphone Os
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »