CVE-2025-25302
Rembg (versions 2.0.57 and earlier) is reported to have a CORS misconfiguration where the CORS middleware reflects all origins and allow_credentials is set to True. This combination effectively enables cross-origin requests from any site and could allow authenticated cross-site requests to the re...