Lucene search
K

323 matches found

Cvelist
Cvelist
added 2026/05/21 1:2 p.m.50 views

CVE-2025-71214

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

0.00357EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 1:2 p.m.19 views

EUVD-2025-209912

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7.8CVSS7.3AI score0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 1:2 p.m.10 views

CVE-2025-71214

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7.3AI score0.00357EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:2 p.m.6 views

CVE-2025-71213

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.3AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 1:2 p.m.20 views

CVE-2025-71213

CVE-2025-71213 is a local privilege escalation in Trend Micro Apex One caused by an origin validation error. The public notices describe a flaw in the Apex One components (notably the NT Listener service per ZDI) where insufficient validation of the origin of commands allows a local attacker who ...

7.8CVSS7.3AI score0.00337EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 1:2 p.m.15 views

CVE-2025-71213

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.3AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 1:2 p.m.13 views

EUVD-2025-209913

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.3AI score0.00337EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/21 12:0 a.m.7 views

Langflow Origin Validation Error Vulnerability

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh...

9.4CVSS7.8AI score0.7889EPSS
In wildExploits3
Snyk
Snyk
added 2026/05/19 11:54 a.m.7 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the /ajax-api endpoints. An attacker can gain unauthorized access to the Assistant's configuration and execute arbitrary commands by sending crafted cross-origin requests from a malicious webpage. Remediation...

9.6CVSS7.5AI score0.00371EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/19 11:54 a.m.9 views

Origin Validation Error

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Origin Validation Error in the /ajax-api endpoints. An attacker ca...

9.6CVSS7.6AI score0.00371EPSS
Exploits1References2
Veracode
Veracode
added 2026/05/16 5:29 a.m.5 views

Origin Validation Error

Dozzle is vulnerable to Origin Validation Error. The vulnerability is due to improper origin validation in the WebSocket upgrader, where connections from any origin are accepted and authenticated with the victim's JWT cookie, allowing attackers to hijack authenticated sessions and gain unauthoriz...

9.6CVSS5.8AI score0.00195EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/07 4:40 p.m.12 views

Origin Validation Error

Overview cinny is a Yet another matrix client Affected versions of this package are vulnerable to Origin Validation Error in the process that handles emoji pack avatar URLs in the service worker. An attacker can obtain a victim's access token by crafting a malicious emote pack with an...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 12:31 p.m.10 views

EUVD-2026-28356

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 12:16 p.m.17 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 11:47 a.m.35 views

CVE-2026-6508 RCE in TUBITAK BILGEM's Liderahenk

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 11:47 a.m.8 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/07 11:47 a.m.16 views

CVE-2026-6508

The CVE-2026-6508 entry affects Liderahenk software from 2.0.1 before 2.0.2. An Origin Validation Error could allow access to functionality not properly constrained by ACLs, enabling unauthorized use of features. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 9....

9.8CVSS5.8AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 8:53 a.m.6 views

BIT-THRIFT-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.8AI score0.00394EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38423

Name of the Vulnerable Software and Affected Versions Liderahenk versions 2.0.1 through 2.0.1 Description An Origin Validation Error in the application allows attackers to bypass Access Control Lists ACLs, which are sets of rules that define permissions for users or systems. This flaw enables...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/05 9:31 a.m.14 views

Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.8AI score0.00394EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder