CVE-2024-12973
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01...
CVE-2024-12973 Host Header Injection in Akinsoft's OctoCloud
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01...
PT-2025-35549
Name of the Vulnerable Software and Affected Versions: Akinsoft OctoCloud versions s1.09.01 through v1.11.00 Description: An origin validation error exists in Akinsoft OctoCloud, enabling HTTP response splitting. This issue is categorized as CAPEC - 87 - Forceful Browsing. Recommendations: Update...
Security Bulletin: A vulnerability in axios may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-57965)
Summary There is a vulnerability in axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...
elysia-cors Origin Validation Error
An Origin Validation Error in the elysia-cors library through 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...
CVE-2025-50864
An Origin Validation Error in the elysia-cors library through 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...
Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965.
Summary IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not u...
Origin Validation Error
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error via the review profile process. An attacker can gain unauthorized access to another...
Origin Validation Error
Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error via the review profile process. An attacker can gain unauthorized access to...
PT-2025-25244 · Autel · Autel Maxicharger Ac Wallbox Commercial
Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Wallbox Commercial affected versions not specified Description: The issue concerns an Origin Validation Error Authentication Bypass Vulnerability. It allows for authentication bypass due to an origin validation error...
CVE-2025-5320
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function isvalidorigin of the component CORS Handler. The manipulation of the argument localhostaliases leads to privilege escalation. It is possible to initiate the attack remotely. The...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...
CVE-2024-25996
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-10534
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS allows Traffic Injection. This issue affects Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS: before 2024...
CVE-2023-28795
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6...
CVE-2023-28794
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6...
CVE-2023-46715
An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...
CVE-2022-41749
An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2022-3457
Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5...