158 matches found

NVD
added 2026/06/04 7:16 a.m., 11 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft...

CVSS 8.8, EPSS 0.00257
Exploits: 0, References: 1
NVD
added 2026/05/01 1:15 p.m., 7 views

CVE-2026-7581

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

CVSS 5.3, EPSS 0.00169
Exploits: 0, References: 8
Cvelist
added 2026/05/01 1:0 p.m., 30 views

CVE-2026-7581 alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

CVSS 5.3, EPSS 0.00169
Exploits: 0, References: 8
Vulnrichment
added 2026/05/01 1:0 p.m., 7 views

CVE-2026-7581 alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

CVSS 5.3, AI score 5.3, EPSS 0.00169
Exploits: 0, References: 8
Positive Technologies
added 2026/05/01 12:0 a.m., 8 views

PT-2026-36322

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

CVSS 5.3, AI score 5.3, EPSS 0.00169
Exploits: 0, References: 9
Vulnrichment
added 2026/04/20 5:0 p.m., 6 views

CVE-2026-6662 ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

CVSS 7.5, AI score 6.7, EPSS 0.00182
Exploits: 0, References: 4
NVD
added 2026/04/15 8:16 p.m., 5 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, EPSS 0.00207
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/15 7:4 p.m., 11 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 3, Affected Software: 1
AlpineLinux
added 2026/04/15 7:4 p.m., 7 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.8, EPSS 0.00207
Exploits: 0
Debian CVE
added 2026/04/15 7:4 p.m., 4 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.3, EPSS 0.00207
Exploits: 0
IBM Security Bulletins
added 2026/04/01 9:55 a.m., 5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Flask-Cors

Summary: Flask-Cors is used by IBM Cloud Pak for Data System to handle Cross-Origin Resource Sharing (CORS) for web applications. Multiple vulnerabilities affect Flask-Cors path matching functionality. CVE-2024-6866 involves case-insensitive path matching that can allow unauthorized origins to acces...

CVSS 7.5, AI score 5.8, EPSS 0.00652
Exploits: 3, Affected Software: 1
Github Security Blog
added 2026/03/31 11:29 p.m., 8 views

SiYuan is Vulnerable to Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

Summary: A malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScript snippet via the API. The injected snippet executes in Electron'...

CVSS 9.6, AI score 6.3, EPSS 0.00499
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2026/03/31 10:16 p.m., 11 views

CVE-2026-34449

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScri...

CVSS 9.6, EPSS 0.00499
Exploits: 1, References: 3
Cvelist
added 2026/03/31 9:45 p.m., 20 views

CVE-2026-34449 SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScri...

CVSS 9.6, EPSS 0.00499
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/31 9:45 p.m., 4 views

CVE-2026-34449

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScri...

CVSS 9.6, AI score 5.9, EPSS 0.00499
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/03/31 9:45 p.m., 7 views

EUVD-2026-17676

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScri...

CVSS 9.6, AI score 5.9, EPSS 0.00499
Exploits: 1, References: 3
AlpineLinux
added 2026/03/31 11:53 a.m., 5 views

CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 4.3, AI score 5.8, EPSS 0.00161
Exploits: 0
OSV
added 2026/03/13 8:7 p.m., 6 views

CVE-2026-32617 AnythingLLM Permissable CORS policy

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

CVSS 7.1, AI score 5.7, EPSS 0.0041
Exploits: 1, References: 3
CNNVD
added 2026/03/12 12:0 a.m., 3 views

TinaCMS Security Vulnerability

TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 contained security vulnerabilities. These vulnerabilities stemmed from the TinaCMS CLI development server having a lax CORS policy configured. Combined with path traversal...

CVSS 9.6, AI score 6, EPSS 0.00535
Exploits: 1, References: 1
NVD
added 2026/01/26 6:16 p.m., 13 views

CVE-2026-24435

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...

CVSS 7.1, EPSS 0.00211
Exploits: 0, References: 2