Lucene search
K

185 matches found

EUVD
EUVD
added 2026/04/14 6:30 p.m.5 views

EUVD-2026-22293

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains...

7.7CVSS7.1AI score0.00464EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.5 views

SUSE CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/03 2:25 a.m.2 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.9AI score0.00237EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/11 10:17 p.m.8 views

Tornado has incomplete validation of cookie attributes

Values passed to the domain, path, and samesite arguments of RequestHandler.setcookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes...

5.8AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.7 views

CVE-2026-29086

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.5 views

CVE-2026-25477

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS5.8AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 8:16 p.m.5 views

CVE-2026-25477

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 7:14 p.m.3 views

CVE-2026-25477

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS5.8AI score0.00164EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/02 7:14 p.m.8 views

EUVD-2026-9258

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS5.8AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/03/02 7:14 p.m.6 views

CVE-2026-25477 AFFiNE: Open Redirect via Regex Bypass in redirect-proxy

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS5.8AI score0.00164EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22691

Name of the Vulnerable Software and Affected Versions AFFiNE versions prior to 0.26.0 Description AFFiNE, an open-source workspace and operating system, contains an Open Redirect flaw in the /redirect-proxy endpoint. The issue stems from a flawed domain validation process, where a Regular...

6.9CVSS5.9AI score0.00164EPSS
Exploits0References5
OSV
OSV
added 2026/02/26 3:22 p.m.4 views

GHSA-W789-49FC-V8HR TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

Impact A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checks if a hostname ended with an allowed domain. This meant: If example.com is allowed in proxyableDomains: - ✅ example.com is allowed correct - ✅...

8.7CVSS5.5AI score0.00241EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/26 3:22 p.m.7 views

TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

Impact A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checks if a hostname ended with an allowed domain. This meant: If example.com is allowed in proxyableDomains: - ✅ example.com is allowed correct - ✅...

8.7CVSS5.3AI score0.00241EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/26 12:2 a.m.16 views

CVE-2026-27818

TerriaJS-Server (Node.js Express) has a validation bug in versions prior to 4.0.3 that allows proxying of domains not explicitly allowed in the proxyableDomains allowlist. The issue is fixed in version 4.0.3. Impact is that unapproved domains could be proxied; explicit exploit details or in‑the‑w...

8.7CVSS5.4AI score0.00241EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/26 12:2 a.m.29 views

CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

8.7CVSS0.00241EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/25 6:11 p.m.12 views

Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Summary A bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Details Astro provides an inferSize option that fetches remote images at render time to determine their dimensions. Remo...

7.2CVSS5.8AI score0.00281EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:0 p.m.4 views

CVE-2026-25811

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...

5.3CVSS5.5AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/02/09 9:0 p.m.15 views

CVE-2026-25811

CVE-2026-25811 affects PlaciPy 1.0.0. Root cause: tenant identifiers are derived from user email domains without validating domain ownership/registration, enabling cross-tenant data access. Impact is cross-tenant data exposure; CVSS notes indicate high confidentiality/integrity impact in some vec...

9.1CVSS5.5AI score0.00269EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/09 9:0 p.m.5 views

CVE-2026-25811 PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...

5.3CVSS5.5AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 8:35 p.m.5 views

GHSA-96PQ-HXPW-RGH8 Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...

5.3CVSS5.7AI score0.00419EPSS
Exploits1References6
Rows per page
Query Builder