9 matches found
CVE-2026-8576
CVE-2026-8576 concerns an inappropriate CORS implementation in Google Chrome on Linux and ChromeOS, traced to the Chromium CORS component. Upstream bug reference points to a chromium issue (496231853). The vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page; i...
Copilot API Proxy 安全漏洞
Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from a flaw in the cors function within the file/src/server.ts file of the component’s...
Shopizer 安全漏洞
Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security vulnerability exists in Shopizer version 3.2.7, which stems from a CORS implementation that does not validate the Origin header, which could result in a cross-domain read of a sensitive response...
CVE-2024-6839
A flaw was found inflask-cors. This vulnerability allows unauthorized cross-origin access to sensitive data or functionality via improper regex path matching, prioritizing longer patterns over more specific ones. This issue leads to less restrictive CORS policies being applied to sensitive...
PT-2025-5342 · Vite +1 · Vite +1
Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.8.1 through 3.15.2 Description: The issue arises due to default CORS settings in Nuxt, allowing any website to send requests to the development server and read the response. This can lead to source code theft by malicious...
PT-2024-22679 · Owncast · Owncast
Name of the Vulnerable Software and Affected Versions: Owncast versions 0.1.2 and prior Description: Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. A lenient CORS policy allows attackers to make a cross origin request, reading privileged...
SUSE CVE-2020-6408
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page...
chromium-browser: Inappropriate implementation in CORS
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2020-6408
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page...