Lucene search
K

9 matches found

CVE
CVE
added 2026/05/14 7:52 p.m.78 views

CVE-2026-8576

CVE-2026-8576 concerns an inappropriate CORS implementation in Google Chrome on Linux and ChromeOS, traced to the Chromium CORS component. Upstream bug reference points to a chromium issue (496231853). The vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page; i...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.13 views

Copilot API Proxy 安全漏洞

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from a flaw in the cors function within the file/src/server.ts file of the component’s...

7.5CVSS7.1AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.3 views

Shopizer 安全漏洞

Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security vulnerability exists in Shopizer version 3.2.7, which stems from a CORS implementation that does not validate the Origin header, which could result in a cross-domain read of a sensitive response...

8.1CVSS6.6AI score0.00202EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/20 3:58 p.m.7 views

CVE-2024-6839

A flaw was found inflask-cors. This vulnerability allows unauthorized cross-origin access to sensitive data or functionality via improper regex path matching, prioritizing longer patterns over more specific ones. This issue leads to less restrictive CORS policies being applied to sensitive...

4.3CVSS6.6AI score0.00652EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.6 views

PT-2025-5342 · Vite +1 · Vite +1

Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.8.1 through 3.15.2 Description: The issue arises due to default CORS settings in Nuxt, allowing any website to send requests to the development server and read the response. This can lead to source code theft by malicious...

6.5CVSS7AI score0.00529EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.5 views

PT-2024-22679 · Owncast · Owncast

Name of the Vulnerable Software and Affected Versions: Owncast versions 0.1.2 and prior Description: Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. A lenient CORS policy allows attackers to make a cross origin request, reading privileged...

8.8CVSS6.5AI score0.00412EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.2 views

SUSE CVE-2020-6408

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page...

6.5CVSS6.6AI score0.01624EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2020/02/17 9:31 a.m.5 views

chromium-browser: Inappropriate implementation in CORS

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.02004EPSS
Exploits1References5
OSV
OSV
added 2020/02/11 3:15 p.m.1 views

DEBIAN-CVE-2020-6408

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page...

6.5CVSS6AI score0.01624EPSS
Exploits1References1
Rows per page
Query Builder