Insufficient Site Isolation Against Spectre Vulnerability
- Risk: Low
- Type: Passive
- CWE: CWE-693
- Summary
The Cross-Origin-Resource-Policy header is an opt-in header designed to counter side-channel attacks like Spectre. A resource should be explicitly marked as shareable among different origins.
- Solution
Ensure that the application/web server sets the Cross-Origin-Resource-Policy header appropriately, and that it sets the header to 'same-origin' for all web pages. 'same-site' is considered less secure and should be avoided. If resources must be shared, set the header to 'cross-origin'. If possible, ensure that the end user uses a standards-compliant, modern web browser that supports the Cross-Origin-Resource-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-resource-policy).
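The guidance above can be checked over captured responses. The following is an added example, not the scanner's own code. The function names, the `shared_ok` allowlist and the `example.test` responses are assumptions made for illustration.

```python
# Added example: passive Cross-Origin-Resource-Policy audit over captured headers.
HEADER = "cross-origin-resource-policy"
VERDICTS = {"same-origin": "ok", "same-site": "weak", "cross-origin": "shared"}

def corp_verdict(raw_headers: str) -> str:
    """Classify one response header block (a status line may be included)."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER:  # header names are case-insensitive
            values.append(value.strip())
    if not values:
        return "missing"
    if len(values) > 1:
        return "invalid"  # repeated header: no single recognised value
    # Values are matched exactly here; any other spelling is reported as invalid.
    return VERDICTS.get(values[0], "invalid")

def audit(responses, shared_ok=()):
    """Return (url, verdict) for every response that needs attention.

    shared_ok: URLs the owner intends to share cross-origin (hypothetical
    allowlist, assumed to be maintained by the application team).
    """
    findings = []
    for url, raw in responses:
        verdict = corp_verdict(raw)
        if verdict == "ok" or (verdict == "shared" and url in shared_ok):
            continue
        findings.append((url, verdict))
    return findings

# Constructed sample responses (example.test is a placeholder host).
SAMPLE = [
    ("https://example.test/", "HTTP/1.1 200 OK\nContent-Type: text/html\n"),
    ("https://example.test/account", "HTTP/1.1 200 OK\ncross-origin-resource-policy: same-origin\n"),
    ("https://example.test/help", "HTTP/1.1 200 OK\nCross-Origin-Resource-Policy: same-site\n"),
    ("https://example.test/logo.png", "HTTP/1.1 200 OK\nCross-Origin-Resource-Policy: cross-origin\n"),
    ("https://example.test/api/me", "HTTP/1.1 200 OK\nCross-Origin-Resource-Policy: cross-origin\n"),
    ("https://example.test/x", "HTTP/1.1 200 OK\nCross-Origin-Resource-Policy: Same-Origin\n"),
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE, shared_ok={"https://example.test/logo.png"}):
        print(f"{verdict:8} {url}")
```

A 'shared' finding means a resource is marked 'cross-origin' without appearing on the allowlist of resources meant to be shared.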