43 matches found

Source: NVD, added 3 days ago (5 views)

CVE-2025-71381

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

CVSS 6.9, EPSS 0.0028; Exploits: 0, References: 2
Source: Cvelist, added 3 days ago (21 views)

CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

CVSS 6.9, EPSS 0.0028; Exploits: 0, References: 2
Source: ATTACKERKB, added 2026/06/22 5:15 p.m. (4 views)

CVE-2026-54290

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit origin (the default wildcard), the CORS Middleware reflects the request's Origin and sends Access-Control-Allow-Credentials: true. Any site can then make...

CVSS 7.1, AI score 5.9, EPSS 0.00248; Exploits: 0, References: 2, Affected Software: 1
Source: OSV, added 2026/04/22 7:49 p.m. (6 views)

GHSA-98CP-84M9-Q3QP free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary: A memory leak vulnerability in the free5GC PCF (Policy Control Function) allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

CVSS 7.5, AI score 5.8, EPSS 0.00515; Exploits: 1, References: 3
Source: Github Security Blog, added 2026/04/22 7:49 p.m. (9 views)

free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary: A memory leak vulnerability in the free5GC PCF (Policy Control Function) allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

CVSS 7.5, AI score 5.8, EPSS 0.00515; Exploits: 1, References: 3, Affected Software: 1
Source: CVE, added 2026/04/21 11:49 p.m. (12 views)

CVE-2026-41135

CVE-2026-41135 affects free5GC UDR (PCF) prior to version 1.4.3. The root cause is a faulty router.Use() call inside an HTTP handler that registers a new CORS middleware on every incoming request, causing the Gin router to permanently grow its handler chain. This leads to progressive memory exhau...

CVSS 7.5, AI score 5.7, EPSS 0.00515; Exploits: 1, References: 2, Affected Software: 2
Source: EUVD, added 2025/10/07 12:30 a.m. (4 views)

EUVD-2019-0758

Malware in sbrugna...

CVSS 5.3, AI score 5.2, EPSS 0.02462; Exploits: 0, References: 11
Source: EUVD, added 2025/10/03 8:7 p.m. (5 views)

EUVD-2025-6008

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.3, EPSS 0.00179; Exploits: 1, References: 3
Source: EUVD, added 2025/10/03 8:7 p.m. (6 views)

EUVD-2024-1974

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7, EPSS 0.00428; Exploits: 0, References: 7
Source: Tenable Nessus, added 2025/08/30 12:0 a.m. (5 views)

Linux Distros Unpatched Vulnerability : CVE-2019-18978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources becau...

CVSS 5.3, AI score 5.6, EPSS 0.02462; Exploits: 0, References: 2
Source: Vulnrichment, added 2025/08/06 8:41 p.m. (5 views)

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

AI score 6.3, EPSS 0.00533; Exploits: 0, References: 3
Source: OSV, added 2025/03/20 10:15 a.m. (4 views)

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

CVSS 8.1, AI score 6.8; Exploits: 0, References: 1
Source: RedhatCVE, added 2025/03/05 6:5 p.m. (11 views)

CVE-2025-25302

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

CVSS 8.7, AI score 6.8, EPSS 0.00179; Exploits: 1, References: 1
Source: NVD, added 2025/03/03 5:15 p.m. (13 views)

CVE-2025-25302

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

CVSS 8.7, EPSS 0.00179; Exploits: 1, References: 2
Source: CVE, added 2025/03/03 4:40 p.m. (96 views)

CVE-2025-25302

Rembg (versions 2.0.57 and earlier) is reported to have a CORS misconfiguration where the CORS middleware reflects all origins and allow_credentials is set to True. This combination effectively enables cross-origin requests from any site and could allow authenticated cross-site requests to the re...

CVSS 8.7, AI score 6.8, EPSS 0.00179; Exploits: 1, References: 2, Affected Software: 1
Source: OSV, added 2025/03/03 4:40 p.m. (7 views)

CVE-2025-25302 Rembg CORS misconfiguration

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

CVSS 8.7, AI score 6.4, EPSS 0.00179; Exploits: 1, References: 4
Source: Veracode, added 2024/10/18 7:3 a.m. (15 views)

Origin Validation Error

gradio is vulnerable to Origin Validation Error. The vulnerability is due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data...

CVSS 8.3, AI score 6.5, EPSS 0.00484; Exploits: 0, References: 3, Affected Software: 1
Source: RedhatCVE, added 2024/07/05 5:7 a.m. (18 views)

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

CVSS 6.5, AI score 9, EPSS 0.00428; Exploits: 0, References: 9
Source: Github Security Blog, added 2024/06/29 6:31 a.m. (21 views)

Gin mishandles a wildcard at the end of an origin string

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

CVSS 9.1, AI score 6.8, EPSS 0.00428; Exploits: 0, References: 8, Affected Software: 2
Source: UbuntuCve, added 2024/06/29 12:15 a.m. (19 views)

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

CVSS 9.1, AI score 6.6, EPSS 0.00428; Exploits: 0, References: 6