Lucene search
K

11 matches found

CVE
CVE
added 2026/03/18 4:31 p.m.24 views

CVE-2026-32610

Glances before 4.5.2 shipped a REST API with CORS allow_origins=["*"] and allow_credentials=True. When both are set, Starlette CORSMiddleware echoes the request Origin into Access-Control-Allow-Origin, allowing credentialed cross-origin requests to the Glances API. This can enable cross-site acce...

8.1CVSS5.7AI score0.00339EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17632

Malware in sbrugna...

5.3CVSS5.6AI score0.00941EPSS
Exploits0References2
OSV
OSV
added 2025/03/03 5:15 p.m.4 views

PYSEC-2025-25

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

6.5CVSS5.4AI score0.00179EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/03 4:40 p.m.10 views

CVE-2025-25302 Rembg CORS misconfiguration

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

8.7CVSS6.6AI score0.00179EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2019/10/29 5:31 p.m.3 views

syndesis: default CORS configuration is allow all

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information...

7.4CVSS5.8AI score0.01165EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/08/06 1:1 p.m.3 views

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7.3AI score0.21979EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/03/04 5:36 p.m.5 views

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7.3AI score0.21979EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2018/12/04 4:0 p.m.7 views

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7.3AI score0.21979EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2018/08/16 3:1 p.m.4 views

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7.3AI score0.21979EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2018/08/16 2:50 p.m.4 views

tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7.3AI score0.21979EPSS
Exploits0References8
OSV
OSV
added 2018/05/16 12:0 a.m.4 views

UBUNTU-CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7AI score0.21979EPSS
Exploits0References7
Rows per page
Query Builder