
6 matches found

Tenable Nessus
added 2025/09/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-47909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the...

CVSS 7.3 | AI score 6.1 | EPSS 0.00345
Exploits: 0 | References: 3
Cvelist
added 2025/08/29 3:55 p.m. | 8 views

CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

EPSS 0.00159
Exploits: 0 | References: 2
OSV
added 2025/08/29 3:42 p.m. | 3 views

GO-2025-3884 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

CVSS 7.3 | AI score 6.9 | EPSS 0.00159
Exploits: 0 | References: 1
CNNVD
added 2025/08/29 12:0 a.m. | 6 views

Google Golang Security Vulnerability

Google Golang is a statically and strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages that...

CVSS 7.3 | AI score 6.4 | EPSS 0.00159
Exploits: 0 | References: 4
Veracode
added 2025/03/03 4:54 a.m. | 5 views

Open Redirect

better-auth is vulnerable to an Open Redirect vulnerability. The vulnerability is due to improper validation of the trustedOrigins configuration, which allows attackers to manipulate the callbackURL parameter, leading to an open redirect that can be exploited for token theft...

AI score 7
Exploits: 0
Github Security Blog
added 2025/02/24 8:49 p.m. | 16 views

Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

Summary: A bypass was discovered in the trustedOrigins validation logic—affecting both absolute URL entries and wildcard domain patterns. This flaw allows an attacker to construct a malicious callbackURL that passes origin checks and triggers an open redirect. Because redirect endpoints include...

AI score 6.9
Exploits: 0 | References: 4 | Affected Software: 1