43 matches found

RedhatCVE
added 2026/01/09 10:42 a.m. | 5 views

CVE-2022-26969

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true...

CVSS 9.8 | AI score 6.9 | EPSS 0.00909
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-7526

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00334
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-6957

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 7.4 | EPSS 0.00229
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2876

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.4 | EPSS 0.00332
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-0813

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 4.8 | EPSS 0.00197
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1731

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00909
Exploits: 0 | References: 8

IBM Security Bulletins
added 2025/06/25 10:0 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24010 DESCRIPTION: Vite is a frontend tooling...

CVSS 6.5 | AI score 6.5 | EPSS 0.00092
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2025/05/23 8:39 a.m. | 10 views

CVE-2024-23823

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impa...

CVSS 6.5 | AI score 6.7 | EPSS 0.00197
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:45 a.m. | 11 views

CVE-2024-28251

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...

CVSS 7.3 | AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/22 11:58 a.m. | 4 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgpt_server uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to '*' for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

CVSS 8.1 | AI score 6.9 | EPSS 0.00078
Exploits: 1 | References: 1

OSV
added 2025/03/20 12:32 p.m. | 2 views

GHSA-38R9-3J52-H92V Aim vulnerable to Cross-Site Request Forgery

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

CVSS 7.4 | AI score 8.1 | EPSS 0.00229
Exploits: 1 | References: 3

GitHub Security Blog
added 2025/03/20 12:32 p.m. | 3 views

Aim vulnerable to Cross-Site Request Forgery

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

CVSS 9.6 | AI score 8.1 | EPSS 0.00229
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-7760

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

CVSS 9.6 | AI score 8.1
Exploits: 0 | References: 1

NVD
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-7760

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

CVSS 9.6 | EPSS 0.00229
Exploits: 1 | References: 1

CVE
added 2025/03/20 10:10 a.m. | 51 views

CVE-2024-10906

CVE-2024-10906 – CSRF in DB-GPT (eosphoros-ai/db-gpt) Affected: db-gpt, version 0.6.0, within the uvicorn app created by dbgpt_server. Root cause: CORSMiddleware configured with wide permissiveness, setting Access-Control-Allow-Origin to ‘*’ for all endpoints. Impact: endpoints may be interacted ...

CVSS 8.1 | AI score 7 | EPSS 0.00078
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/20 10:9 a.m. | 6 views

CVE-2024-7760 CSRF in aimhubio/aim

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

CVSS 7.4 | EPSS 0.00229
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/20 10:9 a.m. | 3 views

CVE-2024-7760 CSRF in aimhubio/aim

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

CVSS 7.4 | AI score 8.1 | EPSS 0.00229
Exploits: 1 | References: 1

Positive Technologies
added 2025/03/20 12:0 a.m. | 2 views

PT-2025-12186 · Aimhubio · Aim

Name of the Vulnerable Software and Affected Versions: aimhubio/aim version 3.22.0 Description: The software contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. This is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enabl...

CVSS 9.6 | AI score 8.1 | EPSS 0.00229
Exploits: 1 | References: 7

Veracode
added 2025/02/13 10:9 a.m. | 7 views

Improper Access Control

esbuild is vulnerable to Improper Access Control. The vulnerability is due to improper CORS settings due to the development server allowing any website to send requests and read responses by default...

AI score 7
Exploits: 0

OSV
added 2025/02/10 5:48 p.m. | 19 views

GHSA-67MH-4WV8-2F99 esbuild enables any website to send any requests to the development server and read the response

Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings. Details esbuild sets Access-Control-Allow-Origin: * header to all requests, including the SSE connection, which allows any websites to send any request to the...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 3