6 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-47909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the...
CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
GO-2025-3884 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
Google Golang 安全漏洞
Google Golang is a static strongly typed, compiled language from Google.Go's syntax is close to that of C, but differs with respect to variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages that...
Open Redirect
better-auth is vulnerable to an Open Redirect vulnerability. The vulnerability is due to improper validation of the trustedOrigins configuration, which allows attackers to manipulate the callbackURL parameter, leading to an open redirect that can be exploited for token theft...
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Summary A bypass was discovered in the trustedOrigins validation logic—affecting both absolute URL entries and wildcard domain patterns. This flaw allows an attacker to construct a malicious callbackURL that passes origin checks and triggers an open redirect. Because redirect endpoints include...