Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.7 views

CVE-2023-45815

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

6.4CVSS6.5AI score0.00422EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-3277

Malicious code in bioql PyPI...

8.6CVSS7.8AI score0.00279EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-12231

Malicious code in bioql PyPI...

4.3CVSS7.2AI score0.006EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/07/22 12:0 a.m.7 views

Mozilla Firefox ESR < 140.1

The version of Firefox ESR installed on the remote Windows host is prior to 140.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-59 advisory. - Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of...

9.8CVSS8.6AI score0.00472EPSS
Exploits0References15
CVE
CVE
added 2025/03/20 10:10 a.m.207 views

CVE-2024-6866

CVE-2024-6866 concerns corydolphin/flask-cors. The issue arises from using the host-oriented try_match for path matching, making path comparisons effectively case-insensitive while URLs are case-sensitive. This can allow unauthorized origins to access restricted paths and potentially expose data....

7.5CVSS5.3AI score0.00642EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.5AI score0.00281EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 12:45 p.m.5 views

Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6221]

Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6221. Vulnerability Details CVEID:CVE-2024-6221 DESCRIPTION: Flask-CORS could allow a remote attacker to obtain sensitive information, caused ...

7.5CVSS6.1AI score0.00677EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/26 12:0 a.m.8 views

CVE-2022-26969

In Directus before 9.7.0, the default settings of CORSORIGIN and CORSENABLED are true...

6.9AI score0.00927EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/04/21 5:15 p.m.53 views

CVE-2022-24869

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross site scripting attack...

5.4CVSS6.3AI score0.00736EPSS
Exploits0References5
OSV
OSV
added 2020/09/12 10:23 a.m.6 views

OPENSUSE-SU-2020:1415-1 Security update for python-Flask-Cors

This update for python-Flask-Cors fixes the following issues: - CVE-2020-25032: fix a relative directory traversal vulnerability bsc1175986. This update was imported from the openSUSE:Leap:15.1:Update update project...

7.5CVSS7.4AI score0.04017EPSS
Exploits0References3
Rows per page
Query Builder