
136 matches found

EUVD
added 2026/06/19 12:31 a.m., 8 views

EUVD-2026-37960

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...

CVSS 8.6, AI score 5.8, EPSS 0.00504
Exploits: 0, References: 3

SUSE CVE
added 2026/06/05 3:16 a.m., 12 views

SUSE CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 8.8, AI score 6, EPSS 0.00197
Exploits: 1, References: 3

NVD
added 2026/06/03 4:16 p.m., 10 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 8.8, EPSS 0.00197
Exploits: 1, References: 1

CVE
added 2026/06/03 3:6 p.m., 26 views

CVE-2026-6657

CVE-2026-6657 affects jupyter-server versions 1.12.0–2.17.0. Root cause: use of re.match() for Origin validation in allow_origin_pat, allowing attacker-controlled domains to bypass CORS checks (e.g., trusted.example.com.evil.com) across CORS headers, WebSocket, referer validation, and login redir...

CVSS 8.8, AI score 6.6, EPSS 0.00197
Exploits: 1, References: 1, Affected Software: 1

ATTACKERKB
added 2026/06/03 3:6 p.m., 6 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1, AI score 6.6, EPSS 0.00197
Exploits: 1, References: 2

Tenable Nessus
added 2026/06/03 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6657

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is...

CVSS 8.8, AI score 6.6, EPSS 0.00197
Exploits: 1, References: 3

RedhatCVE
added 2026/05/18 2:19 p.m., 9 views

CVE-2026-40110

A flaw was found in Jupyter Server. The Origin header validation, which uses Python's re.match function, does not correctly validate incoming origins against allowed patterns. This allows a remote attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions by crafting a malicious domain th...

CVSS 7.6, AI score 5.8, EPSS 0.00333
Exploits: 0, References: 7

Positive Technologies
added 2026/05/12 12:0 a.m., 15 views

PT-2026-40389

Name of the Vulnerable Software and Affected Versions: Archon OS (affected versions not specified). Description: A flaw in the local API handling allows unauthenticated attackers to perform a web-to-client attack. By inducing a user to visit a malicious website, an attacker can bypass Cross-Origin...

AI score 5.9, EPSS 0.00312
Exploits: 0, References: 6

SUSE CVE
added 2026/05/07 2:20 a.m., 8 views

SUSE CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the allow_origin_pat configuration value. Because re.match only anchors at the start of the string and does not require a...

CVSS 7.3, AI score 5.8, EPSS 0.00333
Exploits: 0, References: 3

Cvelist
added 2026/05/06 6:12 p.m., 33 views

CVE-2026-7968

Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00216
Exploits: 0, References: 2

CVE
added 2026/05/05 9:29 p.m., 27 views

CVE-2026-40110

Summary: The CVE affects Jupyter Server prior to 2.18.0, where Origin header validation uses Python’s re.match() against allow_origin_pat. Because re.match() anchors only at the start, a pattern intended for a trusted domain (for example trusted.example.com) can match origins like trusted.example...

CVSS 7.6, AI score 5.8, EPSS 0.00333
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2026/02/09 6:46 p.m., 6 views

CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

CVSS 7.4, AI score 5.5, EPSS 0.00383
Exploits: 1, References: 6

RedhatCVE
added 2026/01/09 9:30 a.m., 4 views

CVE-2023-43803

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

CVSS 7.1, AI score 6.9, EPSS 0.00326
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-3382

Malware in sbrugna...

CVSS 8.8, AI score 9.4, EPSS 0.01047
Exploits: 0, References: 27

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-4540

Malware in sbrugna...

CVSS 6.4, AI score 9.3, EPSS 0.03095
Exploits: 0, References: 29

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-30704

Malicious code in bioql PyPI...

CVSS 8.8, AI score 9.2, EPSS 0.01852
Exploits: 0, References: 8

OSV
added 2025/08/20 3:15 p.m., 7 views

CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...

CVSS 6.5, AI score 5.9
Exploits: 0, References: 5

NVD
added 2025/08/20 3:15 p.m., 6 views

CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...

CVSS 6.5, EPSS 0.00442
Exploits: 0, References: 4

Vulnrichment
added 2025/08/20 12:0 a.m., 6 views

CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...

AI score 7.1, EPSS 0.00442
Exploits: 0, References: 4

CVE
added 2025/07/25 3:53 p.m., 17 views

CVE-2016-15046

CVE-2016-15046 affects Hanwha Techwin Smart Security Manager (SSM) / Hanwha Wisenet SSM, with a client-side RCE caused by improper restrictions on the PUT method of the bundled Apache ActiveMQ on port 8161. The vulnerability enables a Cross-Origin Resource Sharing (CORS) bypass paired with JavaSc...

CVSS 8.6, AI score 7.5, EPSS 0.00921
Exploits: 0, References: 6