Lucene search
K

34 matches found

ATTACKERKB
ATTACKERKB
added 2025/12/18 12:0 a.m.5 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

9.1CVSS5.7AI score0.00212EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/12/18 12:0 a.m.3 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

9.1CVSS6AI score0.002EPSS
Exploits0References4
OSV
OSV
added 2025/12/18 12:0 a.m.4 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

9.1CVSS6AI score0.002EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

6AI score0.002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.6 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

5.7AI score0.00212EPSS
Exploits0References4
OSV
OSV
added 2025/10/27 8:10 p.m.6 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.9AI score0.00186EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/27 8:10 p.m.10 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32107

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-28398

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00202EPSS
Exploits1References1
NVD
NVD
added 2025/10/02 1:15 p.m.5 views

CVE-2025-41010

Incorrect Cross-Origin Resource Sharing CORS configuration in Hiberus Sintra. Cross-Origin Resource Sharing CORS allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol...

5.1CVSS0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/02 12:22 p.m.9 views

CVE-2025-41010 Cross-origin resource sharing (CORS) in Hiberus Sintra

Incorrect Cross-Origin Resource Sharing CORS configuration in Hiberus Sintra. Cross-Origin Resource Sharing CORS allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol...

5.1CVSS0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.4 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

6.7AI score0.00202EPSS
Exploits1References1
PyPA
PyPA
added 2025/03/03 5:15 p.m.13 views

PYSEC-2025-25

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

8.7CVSS6.7AI score0.00179EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/06/09 5:15 p.m.4 views

CVE-2021-27786

Cross-origin resource sharing CORS enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An...

9.8CVSS7.2AI score0.00541EPSS
Exploits0References1
Rows per page
Query Builder