HIGH🇬🇧 English

CVE-2026-8874

CVSS 7.1pub. 2026-06-03upd. 2026-06-05

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
  • Securly

    APP
    Securly
    3.0.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-8876HIGH7.3ten sam produkt

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js....

CVE-2026-8878HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauth...

CVE-2026-8879HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via c...

CVE-2026-8881HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iterati...

CVE-2026-8888HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided pat...

CVE-2026-8874 — HIGH 7.1 | CVEbaza.pl