54 matches found
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the put function. An attacker can overwrite or create arbitrary files in the webroot by enticing a user to visit a malicious website, which then issues crafted PUT requests through the victim's browse...
CVE-2025-23047
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...
EUVD-2018-16905
Malware in sbrugna...
EUVD-2017-14512
Malware in sbrugna...
EUVD-2015-5185
Malware in sbrugna...
EUVD-2025-6914
Malicious code in bioql PyPI...
EUVD-2023-37457
Malicious code in bioql PyPI...
EUVD-2025-0166
Malicious code in bioql PyPI...
EUVD-2025-6911
Malicious code in bioql PyPI...
CVE-2024-8489
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8026
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
Cross-site Request Forgery (CSRF)
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to overly permissive CORS headers in app.py. Remediation There is no fixed version for agentscope. References - Vulnerability...
CVE-2024-8489
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8026 CSRF due to overly permissive CORS headers in netease-youdao/qanything
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
CVE-2024-8026
CVE-2024-8026 concerns a CSRF flaw in the backend API of netease-youdao/qanything caused by overly permissive CORS headers that allow all cross-origin requests. The vulnerability reportedly affects all backend endpoints, enabling actions such as creating, uploading, listing, deleting files, and m...
CVE-2024-8026 CSRF due to overly permissive CORS headers in netease-youdao/qanything
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
CVE-2024-8489
CVSS 8.8 (HIGH) — CVE-2024-8489: CSRF in modelscope/agentscope, specifically the AgentScope Studio backend server. The issue stems from overly permissive CORS headers, allowing CSRF to access all backend endpoints, including the api/file endpoint for reading arbitrary files on the target’s local ...
CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
NetEase QAnything 安全漏洞
NetEase QAnything is a local knowledge base question and answer system dedicated to supporting arbitrary format files or databases from China's NetEase NetEase, which can be installed and used offline. A security vulnerability exists in NetEase QAnything, which stems from a cross-site request...