
310 matches found

RedhatCVE
added 2025/05/22 4:25 p.m. · 4 views

CVE-2020-15733

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29...

CVSS 6.5 · AI score 6.8 · EPSS 0.0016 · Exploits 0
IBM Security Bulletins
added 2025/05/06 7:11 p.m. · 16 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios. Vulnerability Details: CVEID: CVE-2024-57965. DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',hr...

CVSS 9.8 · AI score 7.9 · EPSS 0.00088 · Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/05/01 5:5 p.m. · 10 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary: Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-57965. DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

CVSS 9.8 · AI score 7.1 · EPSS 0.00218 · Exploits 1 · Affected Software 1
Veracode
added 2025/03/27 5:23 a.m. · 9 views

Origin Validation Error

AgentScope is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to the server not properly restricting access to trusted origins, allowing any external domain to make API requests, leading to unauthorized data access and potential exploitation...

CVSS 9.8 · AI score 7 · EPSS 0.00258 · Exploits 1 · References 3 · Affected Software 1
Snyk
added 2025/03/20 12:32 p.m. · 1 views

Origin Validation Error

Overview: Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Origin...

CVSS 7.6 · AI score 6.8 · EPSS 0.00094 · Exploits 0 · References 2
Snyk
added 2025/03/20 12:32 p.m. · 2 views

Origin Validation Error

Overview: Flask-Cors is a Flask extension adding a decorator for CORS support. Affected versions of this package are vulnerable to Origin Validation Error due to the replacement of + characters with spaces in the unquote_plus function, when handling the request.path parameter. An attacker can cau...

CVSS 6.9 · AI score 6.8 · EPSS 0.0011 · Exploits 1 · References 2
RedhatCVE
added 2025/03/18 8:22 p.m. · 12 views

CVE-2025-2346

A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated...

CVSS 6.3 · AI score 7 · EPSS 0.00073 · Exploits 0 · References 1
NVD
added 2025/03/16 8:15 p.m. · 5 views

CVE-2025-2346

A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated...

CVSS 6.3 · EPSS 0.00073 · Exploits 0 · References 3
CVE
added 2025/03/16 8:0 p.m. · 50 views

CVE-2025-2346

CVE-2025-2346 concerns IROAD Dash Cam X5 and X6 (up to 20250308). The vulnerability is described as affecting an unknown Domain Handler component, where manipulation of the Domain Name leads to an origin validation error. The attack is stated as remote with high attack complexity and partial impa...

CVSS 6.3 · AI score 5.7 · EPSS 0.00073 · Exploits 0 · References 3
Veracode
added 2025/03/13 8:19 a.m. · 9 views

Origin Validation Error

Rembg is vulnerable to Origin Validation Error. The vulnerability is due to improper CORS middleware configuration, which reflects all origins and sets allow_credentials to True, allowing any website to send authenticated cross-site requests to the Rembg server...

CVSS 8.7 · AI score 6.8 · EPSS 0.00042 · Exploits 1 · References 4 · Affected Software 1
IBM Security Bulletins
added 2025/03/04 11:48 a.m. · 9 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary: Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details: CVEID: CVE-2024-57965. DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

CVSS 9.8 · AI score 7.9 · EPSS 0.02199 · Exploits 1 · Affected Software 1
Snyk
added 2025/03/03 5:41 p.m. · 1 views

Origin Validation Error

Overview: rembg is a package that removes image backgrounds. Affected versions of this package are vulnerable to Origin Validation Error in the add_middleware function in s_command.py, which reflects all origins by default. Due to the allow_credentials=True setting, an attacker can send authenticated cross-site...

CVSS 8.7 · AI score 6.2 · EPSS 0.00042 · Exploits 1 · References 2
OSV
added 2025/02/12 2:15 p.m. · 3 views

CVE-2025-1102

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests...

CVSS 7.1 · AI score 6.1 · EPSS 0.00036 · Exploits 0 · References 1
NVD
added 2025/02/12 2:15 p.m. · 1 views

CVE-2025-1102

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests...

CVSS 7.1 · EPSS 0.00036 · Exploits 0 · References 1
CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Q-Free MAXTIME Suite Access Control Error Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from an origin validation error in the CORS configuration. An attacker exploiting this...

CVSS 7.1 · AI score 5.4 · EPSS 0.00036 · Exploits 0 · References 1
Positive Technologies
added 2025/02/12 12:0 a.m. · 1 views

PT-2025-6833 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime version 2.11.0 and earlier. Description: A CWE-346 "Origin Validation Error" in the CORS configuration allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs o...

CVSS 5.5 · AI score 5.3 · EPSS 0.00036 · Exploits 0 · References 4
RedhatCVE
added 2025/02/05 12:35 a.m. · 3 views

CVE-2024-55917

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVSS 7.8 · AI score 7.1 · EPSS 0.00054 · Exploits 0 · References 1
Vulnrichment
added 2025/01/14 2:8 p.m. · 9 views

CVE-2023-46715

An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...

CVSS 5 · AI score 5 · EPSS 0.00213 · Exploits 0 · References 1
CVE
added 2025/01/14 2:8 p.m. · 61 views

CVE-2023-46715

CVE-2023-46715 describes an origin validation error (CWE-346) in Fortinet FortiOS IPSec VPN that allows an authenticated VPN user with dynamic IP addressing to spoof another user’s IP by sending crafted packets. Affected products and versions are Fortinet FortiOS IPSec VPN 7.4.0–7.4.1 and 7.2.6 a...

CVSS 5 · AI score 5 · EPSS 0.00213 · Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/01/14 2:8 p.m. · 8 views

CVE-2023-46715

An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...

CVSS 5 · EPSS 0.00213 · Exploits 0 · References 1