Lucene search
+L

130 matches found

nessus
nessus
added 2025/08/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-22602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication...

7.5CVSS7.1AI score0.01553EPSS
Exploits0References2
osv
osv
added 2025/08/01 1:3 p.m.5 views

OESA-2025-1939 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

7.5CVSS6.7AI score0.00652EPSS
Exploits3References4
osv
osv
added 2025/08/01 1:3 p.m.7 views

OESA-2025-1938 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

7.5CVSS6.7AI score0.00652EPSS
Exploits3References4
debian
debian
added 2025/05/31 2:30 a.m.16 views

[SECURITY] [DLA 4197-1] python-flask-cors security update

Debian LTS Advisory DLA-4197-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert May 31, 2025 https://wiki.debian.org/LTS Package : python-flask-cors Version : 3.0.9-2+deb11u1 CVE ID : CVE-2024-1681 CVE-2024-6839 CVE-2024-6844 CVE-2024-6866 Debian Bug : 1069764 11009...

7.5CVSS6.3AI score0.00652EPSS
Exploits4
alpinelinux
alpinelinux
added 2025/05/30 4:15 a.m.3 views

CVE-2025-47952

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...

9.1CVSS7.1AI score0.00784EPSS
Exploits0References4
snyk
snyk
added 2025/05/01 8:41 p.m.2 views

Incorrect Authorization

Overview github.com/open-policy-agent/opa/server is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Data API. An attacker can...

8.5CVSS7.2AI score0.0036EPSS
Exploits0References2
susecve
susecve
added 2025/03/21 2:53 a.m.4 views

SUSE CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3CVSS6.7AI score0.00652EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/03/20 3:58 p.m.8 views

CVE-2024-6839

A flaw was found inflask-cors. This vulnerability allows unauthorized cross-origin access to sensitive data or functionality via improper regex path matching, prioritizing longer patterns over more specific ones. This issue leads to less restrictive CORS policies being applied to sensitive...

4.3CVSS6.6AI score0.00652EPSS
Exploits1References4
snyk
snyk
added 2025/03/20 12:32 p.m.7 views

Improper Verification of Source of a Communication Channel

Overview Flask-Cors is an A Flask extension adding a decorator for CORS support Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper application of regex path matching rules. An attacker can gain unauthorized cross-origin...

6.9CVSS6.8AI score0.00652EPSS
Exploits1References2
osv
osv
added 2025/03/20 10:15 a.m.2 views

DEBIAN-CVE-2024-6866

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

7.5CVSS5.9AI score0.00642EPSS
Exploits1References1
nvd
nvd
added 2025/03/20 10:15 a.m.7 views

CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3CVSS0.00652EPSS
Exploits1References2
osv
osv
added 2025/03/20 10:15 a.m.3 views

DEBIAN-CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3CVSS5.6AI score0.00652EPSS
Exploits1References1
osv
osv
added 2025/03/20 10:15 a.m.5 views

UBUNTU-CVE-2024-6866

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

7.5CVSS6.7AI score0.00642EPSS
Exploits1References4
osv
osv
added 2025/03/20 10:15 a.m.5 views

UBUNTU-CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3CVSS6.8AI score0.00652EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS5.3AI score0.00642EPSS
Exploits1References1
debiancve
debiancve
added 2025/03/20 10:10 a.m.9 views

CVE-2024-6866

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

7.5CVSS5.9AI score0.00642EPSS
Exploits1
cve
cve
added 2025/03/20 10:10 a.m.209 views

CVE-2024-6866

CVE-2024-6866 concerns corydolphin/flask-cors. The issue arises from using the host-oriented try_match for path matching, making path comparisons effectively case-insensitive while URLs are case-sensitive. This can allow unauthorized origins to access restricted paths and potentially expose data....

7.5CVSS5.3AI score0.00642EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/03/20 10:10 a.m.18 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS0.00642EPSS
Exploits1References1
osv
osv
added 2025/03/20 10:10 a.m.9 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS6.5AI score0.00642EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-6839 Improper Regex Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

4.3CVSS4.6AI score0.00652EPSS
Exploits1References1
Rows per page
Query Builder