43 matches found
CVE-2022-26969
In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true...
EUVD-2018-7526
Malware in sbrugna...
EUVD-2025-6957
Malicious code in bioql PyPI...
EUVD-2024-2876
Malicious code in bioql PyPI...
EUVD-2024-0813
Malicious code in bioql PyPI...
EUVD-2022-1731
Malicious code in bioql PyPI...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-24010 DESCRIPTION: Vite is a frontend tooling...
CVE-2024-23823
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impa...
CVE-2024-28251
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...
CVE-2024-10906
In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgpt_server uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to `*` for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...
GHSA-38R9-3J52-H92V Aim vulnerable to Cross-Site Request Forgery
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
Aim vulnerable to Cross-Site Request Forgery
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-7760
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-10906
CVE-2024-10906 – CSRF in DB-GPT (eosphoros-ai/db-gpt) Affected: db-gpt, version 0.6.0, within the uvicorn app created by dbgpt_server. Root cause: CORSMiddleware configured with wide permissiveness, setting Access-Control-Allow-Origin to ‘*’ for all endpoints. Impact: endpoints may be interacted ...
CVE-2024-7760 CSRF in aimhubio/aim
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
PT-2025-12186 · Aimhubio · Aim
Name of the Vulnerable Software and Affected Versions: aimhubio/aim version 3.22.0 Description: The software contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. This is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enabl...
Improper Access Control
esbuild is vulnerable to Improper Access Control. The vulnerability is due to improper CORS settings due to the development server allowing any website to send requests and read responses by default...
GHSA-67MH-4WV8-2F99 esbuild enables any website to send any requests to the development server and read the response
Summary esbuild allows any website to send any request to the development server and read the response due to default CORS settings. Details esbuild sets the Access-Control-Allow-Origin: * header on all responses, including the SSE connection, which allows any website to send any request to the...