21 matches found
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
Summary: A memory leak vulnerability in the free5GC PCF (Policy Control Function) allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...
CVE-2026-41135
CVE-2026-41135 affects free5GC UDR (PCF) prior to version 1.4.3. The root cause is a faulty router.Use() call inside an HTTP handler that registers a new CORS middleware on every incoming request, causing the Gin router to permanently grow its handler chain. This leads to progressive memory exhau...
EUVD-2024-1974
Malicious code in bioql PyPI...
CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...
CVE-2024-10906
In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to * for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...
CVE-2025-25302
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...
CVE-2025-25302 Rembg CORS misconfiguration
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
Gin mishandles a wildcard at the end of an origin string
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
GO-2024-2812 Some CORS middleware allow untrusted origins in github.com/jub0bs/fcors
Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patter...
GHSA-V84H-653V-4PQ9 Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
GHSA-VHXV-FG4M-P2W8 Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
Design/Logic Flaw
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2024-25124 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2024-25124
CVE-2024-25124 affects the Go web framework Fiber. Before v2.52.1, the CORS middleware allowed configuring Access-Control-Allow-Origin to a wildcard "*" while Access-Control-Allow-Credentials was true, violating security best practices and enabling potential exposure of sensitive data to cross-si...