Lucene search
+L

369 matches found

Cvelist
Cvelist
added 2025/01/20 5:40 p.m.25 views

CVE-2024-22348 IBM UrbanCode Velocity cross-origin resource sharing

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.3CVSS0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/20 5:40 p.m.8 views

CVE-2024-22348 IBM UrbanCode Velocity cross-origin resource sharing

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.3CVSS6.3AI score0.00345EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.7 views

The vulnerability of the Acrobat Reader PDF viewing and editing software is related to synchronization errors when using a common resource, allowing attackers to escalate their privileges.

The vulnerability of the Acrobat Reader PDF viewing and editing software is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

7CVSS5.5AI score0.00202EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 10:27 p.m.19 views

Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations

Summary Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1 Vulnerability Details CVEID:CVE-2024-22348 DESCRIPTION: IBM UCV - UrbanCode Velocity uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions...

7.5CVSS6.1AI score0.00345EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/25 11:15 a.m.15 views

CVE-2024-31146

When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be...

6.7AI score
Exploits0References3
OSV
OSV
added 2024/09/25 11:15 a.m.1 views

DEBIAN-CVE-2024-31146

When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be...

7.5CVSS4.9AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2024/09/25 10:31 a.m.67 views

CVE-2024-31146

The CVE-2024-31146 entry concerns the Xen hypervisor vulnerability related to PCI device pass-through with shared resources. The connected advisories (Debian DSA-5836-1 and SUSE SUSE-SU-2024:3586-1, and related OpenVAS/Nessus entries) confirm affected product as Xen and cite PCI BARs sharing a pa...

7.5CVSS7.4AI score0.00235EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/08/23 6:21 a.m.498 views

Cross-Origin Resource Sharing (CORS) Bypass

github.com/usememos/memos is vulnerable to Cross-Origin Resource Sharing CORS Bypass. The vulnerability is due to a CORS misconfiguration where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true, which may allow an attacker to perform cross-origin requests,...

8.1CVSS6.9AI score0.00607EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/05/10 5:16 p.m.31 views

CVE-2023-37526

The CVE-2023-37526 entry concerns HCL DRYiCE Lucy (now AEX). A CORS misconfiguration in the mobile app could allow unauthorized access to application resources from any web domain and enable cache poisoning, per sources in NVD/CVE records. The root cause is a CORS misconfiguration in the app, wit...

6.5CVSS6.7AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/10 5:16 p.m.24 views

CVE-2023-37526 HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability

HCL DRYiCE Lucy now AEX is affected by a Cross Origin Resource Sharing CORS vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks...

6.5CVSS6.6AI score0.00434EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.17 views

Westermo Lynx 206-F2G Permissive Cross-Domain Policy with Untrusted Domains (CVE-2023-45213)

A potential attacker with access to the device would be able to execute malicious code that could affect the correct functioning of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

6.6CVSS6.7AI score0.0037EPSS
Exploits0References2
Veracode
Veracode
added 2024/04/02 7:14 a.m.23 views

Cross-Origin Resource Sharing (CORS) Bypass

@kindspells/astro-shield is vulnerable to Cross-Origin Resource Sharing CORS Bypass. This vulnerability due to the introduction of valid integrity attributes to injected code and SRI hash added to the generated Content Security Policy CSP header, fooling the browser into believing that the inject...

7.5CVSS7AI score0.0031EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/02/24 3:35 p.m.14 views

CVE-2023-30996 IBM Cognos Analytics cross-origin resource sharing

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290...

5.3CVSS6.1AI score0.00422EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/24 3:35 p.m.36 views

CVE-2023-30996 IBM Cognos Analytics cross-origin resource sharing

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290...

5.3CVSS5.2AI score0.00422EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/02 1:5 a.m.37 views

CVE-2023-50940 IBM PowerSC cross-resource origin sharing

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130...

5.3CVSS8.7AI score0.00456EPSS
Exploits0References2
ICS
ICS
added 2024/01/23 7:0 a.m.72 views

Westermo Lynx 206-F2G

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : Lynx 206-F2G Vulnerabilities : Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request...

8.8CVSS7.6AI score0.00514EPSS
Exploits0References10
NVD
NVD
added 2023/12/12 12:15 p.m.19 views

CVE-2023-46281

A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...

8.8CVSS0.0094EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/11 10:42 p.m.32 views

CVE-2023-49803 @koa/cors has overly permissive origin policy

@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...

8.6CVSS8.7AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2023/12/11 10:42 p.m.16 views

CVE-2023-49803 @koa/cors has overly permissive origin policy

@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...

8.6CVSS7.7AI score0.00279EPSS
Exploits0References4
Prion
Prion
added 2023/09/06 7:15 p.m.15 views

Design/Logic Flaw

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration...

5.8CVSS6.2AI score0.00679EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder