Lucene search
+L

13 matches found

snyk
snyk
added 2026/06/26 8:13 p.m.17 views

Exposed Dangerous Method or Function

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...

6CVSS6.1AI score0.00812EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/27 5:27 p.m.10 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/25 2:0 p.m.14 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

9.8CVSS6.8AI score0.08031EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/05/07 4:40 p.m.13 views

GHSA-J944-W549-3453 Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References4
veracode
veracode
added 2026/04/30 5:2 p.m.12 views

Insertion Of Sensitive Information Into Sent Data

Axios is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to improper use of truthy/falsy evaluation for the withXSRFToken configuration instead of strict boolean checks, which allows an attacker to force XSRF tokens to be sent to malicious cross-origin...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
github
github
added 2026/04/10 7:28 p.m.11 views

PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

Summary The AGUI endpoint POST /agui has no authentication and hardcodes Access-Control-Allow-Origin: on all responses. Combined with Starlette/FastAPI's Content-Type-agnostic JSON parsing, any website a victim visits can silently trigger arbitrary agent execution against a locally-running AGUI...

6.4AI score
Exploits0References3Affected Software1
github
github
added 2026/03/25 5:48 p.m.8 views

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Summary The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...

8.8CVSS6AI score0.00172EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/02 11:16 a.m.9 views

CVE-2025-58406 Lack of HTTP Response Headers

The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...

5.3CVSS5.9AI score0.00184EPSS
Exploits0References2
nessus
nessus
added 2026/01/14 12:0 a.m.9 views

TencentOS Server 3: webkit2gtk3 (TSSA-2025:1000)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1000 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS7.3AI score0.01378EPSS
Exploits0References16
nvd
nvd
added 2025/05/12 10:15 p.m.9 views

CVE-2025-31205

The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin...

6.5CVSS0.00373EPSS
Exploits0References12
osv
osv
added 2022/11/17 8:45 p.m.6 views

MGASA-2022-0427 Updated firefox packages fix security vulnerability

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations CVE-2022-43680. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for...

9.8CVSS9.1AI score0.0226EPSS
Exploits1References5
osv
osv
added 2022/01/25 12:0 a.m.2 views

UBUNTU-CVE-2022-22637

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior...

8.8CVSS6.8AI score0.00632EPSS
Exploits0References4
osv
osv
added 2016/09/14 10:16 p.m.6 views

USN-3058-1 oxide-qt vulnerabilities

An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. CVE-2016-5141 A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked in to...

9.8CVSS7AI score0.01764EPSS
Exploits0References17
Rows per page
Query Builder