An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.

Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actu...