101 matches found
CVE-2026-28201 SurrealDB Injection on Open Notebook
Improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1, allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration i...
Permissive Cross-domain Policy with Untrusted Domains
Overview: litestar is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CORSConfig.allowed_origins_regex, which uses a regex built from configured allowli...
CVE-2025-1102
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests...
EUVD-2025-34775
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration...
EUVD-2018-0202
Malware in sbrugna...
EUVD-2019-0332
Malware in sbrugna...
EUVD-2021-1880
Malware in sbrugna...
EUVD-2020-8224
Malware in sbrugna...
EUVD-2021-26840
Malware in sbrugna...
EUVD-2025-7072
Malicious code in bioql PyPI...
EUVD-2025-7789
Malicious code in bioql PyPI...
EUVD-2023-1120
Malicious code in bioql PyPI...
EUVD-2025-14304
Malicious code in bioql PyPI...
EUVD-2021-28240
Malicious code in bioql PyPI...
EUVD-2023-2683
Malicious code in bioql PyPI...
EUVD-2023-2775
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP heade...
CVE-2025-41363
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing CORS. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission...
CVE-2025-41366
CVE-2025-41366 = CORS misconfiguration in ZIV IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. Exploitation requires authentication and commands with privileges higher than view. CVSS v4.0 base score 5.1 (NETWORK, LOW complexity, HIGH privileges). Affected products: IDF, ZLF (specific versions above)...
PT-2025-24081 · Idf +1
Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03; ZLF versions 0.10.0-0C03-04. Description: A configuration error has been detected in cross-origin resource sharing CORS in the affected software. This issue can be exploited by authenticating to the device and...