
6 matches found

Positive Technologies
added 2026/03/30 12:0 a.m. | 4 views

PT-2026-29161

Summary: Hardcoded Wildcard CORS Access-Control-Allow-Origin: - https://github.com/modelcontextprotocol/java-sdk/blob/main/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletSseServerTransportProvider.java#L289 -...

CVSS 6.1 | AI score 6 | EPSS 0.00012
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-25500

Malware in sbrugna...

CVSS 9.1 | AI score 7 | EPSS 0.00082
Exploits: 0 | References: 3
NVD
added 2025/08/22 4:15 p.m. | 3 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

CVSS 8.1 | EPSS 0.00052
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/22 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-47908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) heade...

CVSS 7.5 | AI score 6.9 | EPSS 0.00378
Exploits: 0 | References: 3
Debian CVE
added 2025/08/06 8:41 p.m. | 4 views

CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

CVSS 7.5 | AI score 7 | EPSS 0.00378
Exploits: 0
CVE
added 2017/03/13 6:14 a.m. | 46 views

CVE-2017-6080

CVE-2017-6080 affects Zammad versions prior to 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Root cause: missing protection via HTTP Access-Control headers. Attack surface: cross-domain requests to the REST API for users with a valid session cookie, enabling disclosure of results. Impact ran...

CVSS 9.8 | AI score 9.3 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1