The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origi...

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1...

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected ...

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking...

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display ar...

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerab...