Lucene search
K

4 matches found

CVE
CVE
added 8 hours ago6 views

CVE-2026-61736

LightRAG vulnerability CVE-2026-61736 stems from a CORS misconfiguration prior to version 1.5.4: CORS_ORIGINS is set to '*' and allow_credentials=True in lightrag/api/lightrag_server.py, causing Starlette CORSMiddleware to effectively whitelist all origins for credentialed cross-origin requests. ...

9.3CVSS6.1AI score
Exploits0References6
NVD
NVD
added 2026/05/28 6:16 p.m.38 views

CVE-2026-45021

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS0.00204EPSS
Exploits0References8
OSV
OSV
added 2026/03/19 4:28 p.m.5 views

GHSA-H8VW-PH9R-XPCH qui CORS Misconfiguration: Arbitrary Origins Trusted

Summary The application implements an HTML5 cross-origin resource sharing CORS policy that allows access from any domain. While the application is typically deployed within a trusted local network, successful exploitation of this weakness does not require any direct access to the instance by the...

9.6CVSS5.9AI score0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52255

Name of the Vulnerable Software and Affected Versions Dify version 1.9.1 Description A Cross-Origin Resource Sharing CORS misconfiguration exists in the /console/api/system-features endpoint. The endpoint has an overly permissive CORS policy that reflects arbitrary Origin headers and sets...

9.1CVSS6.6AI score0.002EPSS
Exploits0References9
Rows per page
Query Builder