CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•6 views

EUVD-2026-36363

Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...

8.4CVSS5.8AI score0.0024EPSS

NVD•added last week•9 views

CVE-2026-45173

8.4CVSS0.0024EPSS

Cvelist•added last week•28 views

CVE-2026-45173 Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

8.4CVSS0.0024EPSS

CVE•added last week•11 views

CVE-2026-45173

The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...

8.4CVSS5.8AI score0.0024EPSS

Vulnrichment•added last week•7 views

CVE-2026-45173 Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

8.4CVSS5.6AI score0.0024EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•7 views

PT-2026-48789

Name of the Vulnerable Software and Affected Versions Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 Description An origin validation flaw exists within the internal web-page verification routines. This issue allows a remote attacker to trigger...

8.4CVSS5.6AI score0.0024EPSS

Snyk•added 2026/06/10 12:0 a.m.•3 views

Origin Validation Error

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Origin Validation Error via insufficient Origin validation for WebSocket connections. An attacker can perform Cross-Site WebSocket Hijacking CSWSH b...

8.5CVSS5.8AI score0.0023EPSS

RedhatCVE•added 2026/06/08 4:34 p.m.•6 views

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

6.3CVSS5.6AI score0.00215EPSS

NVD•added 2026/06/08 3:16 p.m.•10 views

CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS0.00215EPSS

CVE•added 2026/06/08 2:12 p.m.•21 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

EUVD•added 2026/06/08 2:12 p.m.•6 views

EUVD-2026-35073

Vulnrichment•added 2026/06/08 2:12 p.m.•4 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Cvelist•added 2026/06/08 2:12 p.m.•39 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

6.3CVSS0.00215EPSS

OSV•added 2026/06/08 2:12 p.m.•6 views

EEF-CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Summary Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised...

Positive Technologies•added 2026/06/08 12:0 a.m.•7 views

PT-2026-47298

Name of the Vulnerable Software and Affected Versions ninenines gun versions 2.0.0 through 2.3.x Description An origin validation error in the gun http2 module allows cross-origin cookie injection through an unvalidated HTTP/2 PUSH PROMISE authority. In the push promise frame function, the...

6.3CVSS5.6AI score0.00215EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:51 p.m.•5 views

CVE-2025-71217

An origin validation error vulnerability in the Trend Micro Apex One mac agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS7.5AI score0.00312EPSS

RedhatCVE•added 2026/06/05 7:51 p.m.•7 views

CVE-2025-71214

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7.8CVSS7.5AI score0.00357EPSS

RedhatCVE•added 2026/06/05 7:31 p.m.•9 views

CVE-2025-71213

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.5AI score0.00356EPSS