Lucene search
K

9126 matches found

Nuclei
Nuclei
added yesterday123 views

Langflow AI <= 1.6.9 - CORS Misconfiguration

Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...

9.4CVSS7.5AI score0.7889EPSS
Exploits3References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43176

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication...

8.8CVSS6.1AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-59180

Apprise before v1.11.0 vulnerable: HTTP-based notification plugins and HTTP loaders (apprise/attachment/http.py, apprise/config/http.py) follow redirects and resend configured auth headers and query parameters. This can leak secrets (Authorization headers, bearer tokens, service keys) to a compro...

3.1CVSS6.1AI score0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-59180 Apprise forwards configured auth headers across cross-origin HTTP redirects

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS0.00195EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-34014

Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering...

8.2CVSS5.9AI score0.00396EPSS
Exploits2References5
CVE
CVE
added 4 days ago9 views

CVE-2026-59148

The CVE covers Mockoon prior to version 9.7.0, where the admin API was mounted on the same Express listener as user mock routes with default-enabled, unauthenticated access and permissive CORS (Access-Control-Allow-Origin: ). This allowed any unauthenticated client on the mock server port to: rea...

8.8CVSS6AI score0.00173EPSS
Exploits0References5
NVD
NVD
added 4 days ago9 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-56458

Technical details about CVE-2026-56458 are not publicly available in the provided documents. No affected versions, root cause specifics, exploits, or mitigations are disclosed here. Monitor for updates from vendors or CVE pages.

7.5CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-56458 HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57111

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS0.00269EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42529

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-57111

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-57111

CVE-2026-57111 describes a permissive CORS configuration in Apache Helix REST (helix-rest; org.apache.helix.rest.server.filters.CORSFilter) up to version 2.0.0. The filter returns Access-Control-Allow-Origin: * and Access-Control-Allow-Credentials: true, and reflects arbitrary preflight values, a...

7.5CVSS6AI score0.00269EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-57111 Apache Helix REST: Permissive CORS Configuration in REST API Allows Unrestricted Cross-Origin

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

0.00269EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-59723

The CVE-2026-59723 vulnerability affects the Cline Hub dashboard (the /browser WebSocket endpoint). Before version 3.0.30, the dashboard server did not validate the Origin header for WebSocket connections, and when ROOM_SECRET is unset on local 127.0.0.1, isAuthorizedBrowserRequest() could be abu...

8.8CVSS6.1AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS0.00145EPSS
Exploits0References4
NVD
NVD
added 5 days ago6 views

CVE-2026-59804

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS0.00213EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59804 Midscene Bridge Server - Session Hijack via Unauthenticated WebSocket

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS0.00213EPSS
Exploits0References4
Rows per page
Query Builder