CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

334 matches found

Positive Technologies•added 2025/11/12 12:0 a.m.•4 views

PT-2025-46587

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An origin validation error in Kibana may allow for Server-Side Request Forgery SSRF through a manipulated Origin HTTP header. This manipulation occurs during processing by the Observability AI...

4.3CVSS6.6AI score0.00022EPSS

Exploits0References10

OSV•added 2025/10/27 8:10 p.m.•3 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.9AI score0.00041EPSS

Exploits0References4

EUVD•added 2025/10/27 8:10 p.m.•3 views

EUVD-2025-36363

6.3CVSS6.4AI score0.00041EPSS

Exploits0References2

Vulnrichment•added 2025/10/27 8:10 p.m.•2 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

6.3CVSS6.5AI score0.00041EPSS

Exploits0References2

CVE•added 2025/10/27 8:10 p.m.•9 views

CVE-2025-62523

PLOS (PILOS) before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...

6.3CVSS6.5AI score0.00041EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/10/27 8:10 p.m.•6 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

6.3CVSS0.00041EPSS

Exploits0References2

EUVD•added 2025/10/16 7:49 p.m.•3 views

EUVD-2025-34775

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration...

6.5CVSS6.3AI score0.00033EPSS

Exploits0References4

Github Security Blog•added 2025/10/16 7:49 p.m.•6 views

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header...

6.5CVSS6.8AI score0.00033EPSS

Exploits0References5Affected Software1

OSV•added 2025/10/16 7:49 p.m.•1 views

GHSA-9329-MXXW-QWF8 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

7.5CVSS6.8AI score0.00033EPSS

Exploits0References5

NVD•added 2025/10/16 5:15 p.m.•4 views

CVE-2025-53092

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...

6.5CVSS0.00033EPSS

Exploits0References1

Vulnrichment•added 2025/10/16 4:29 p.m.•2 views

CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

6.5CVSS6.3AI score0.00033EPSS

Exploits0References1

OSV•added 2025/10/16 4:29 p.m.•2 views

CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

6.5CVSS6.7AI score0.00033EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-18398