44 matches found
EUVD-2026-45258
IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...
CVE-2022-26969
In Directus before 9.7.0, the default settings of CORSORIGIN and CORSENABLED are true...
EUVD-2018-7526
Malware in sbrugna...
EUVD-2024-2876
Malicious code in bioql PyPI...
EUVD-2022-1731
Malicious code in bioql PyPI...
EUVD-2025-6957
Malicious code in bioql PyPI...
EUVD-2024-0813
Malicious code in bioql PyPI...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24010 DESCRIPTION: Vite is a frontend tooling...
CVE-2024-23823
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impa...
CVE-2024-28251
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...
CVE-2024-10906
In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...
Aim vulnerable to Cross-Site Request Forgery
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
GHSA-38R9-3J52-H92V Aim vulnerable to Cross-Site Request Forgery
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-7760
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-10906
CVE-2024-10906 – CSRF in DB-GPT (eosphoros-ai/db-gpt) Affected: db-gpt, version 0.6.0, within the uvicorn app created by dbgpt_server. Root cause: CORSMiddleware configured with wide permissiveness, setting Access-Control-Allow-Origin to ‘*’ for all endpoints. Impact: endpoints may be interacted ...
CVE-2024-7760 CSRF in aimhubio/aim
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-7760 CSRF in aimhubio/aim
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-7760 CSRF in aimhubio/aim
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
PT-2025-12186
Name of the Vulnerable Software and Affected Versions aimhubio/aim version 3.22.0 Description The software contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. This is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables...
Improper Access Control
esbuild is vulnerable to Improper Access Control. The vulnerability is due to improper CORS settings due to the development server allowing any website to send requests and read responses by default...