CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

OSV•added 2026/04/01 9:17 p.m.•2 views

DEBIAN-CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

5.3CVSS5.3AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2026/04/01 12:0 a.m.•0 views

PT-2026-29607

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description When following redirects to a different origin, aiohttp removes the Authorization header while keeping the Cookie and Proxy-Authorization headers. This could lead to the leakage of sensitive...

6.9CVSS5.9AI score0.00014EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2013-0529

Malware in sbrugna...

4.3CVSS5.5AI score0.00195EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 4:32 a.m.•2 views

SUSE CVE-2018-5136

A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...

7.5CVSS8.5AI score0.00858EPSS

Exploits0References4

Prion•added 2021/04/29 5:15 a.m.•22 views

Authorization

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007...

5.8CVSS7.6AI score0.03854EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/03/15 5:56 a.m.•17 views

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...

8.9AI score0.0329EPSS

Exploits4References2

Prion•added 2018/02/15 2:29 a.m.•19 views

Security feature bypass

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass"...

4.3CVSS4.8AI score0.11213EPSS

Exploits0References3

EUVD•added 2018/02/15 2:0 a.m.•2 views

EUVD-2018-1579

4.3CVSS5.7AI score0.11213EPSS

Exploits0References3

Cvelist•added 2018/02/15 2:0 a.m.•19 views

CVE-2018-0771

5.3AI score0.11213EPSS

Exploits0References3

Microsoft CVE•added 2017/08/08 7:0 a.m.•16 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

5.8CVSS1.3AI score0.00836EPSS

Exploits0

Exploit DB•added 2017/04/04 12:0 a.m.•41 views

Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting

globalObject-vm, callback JSC::JSObject callback return mcallback.get; JSDOMGlobalObject globalObject return JSC::jsCastmcallback-globalObject; JSC::JSValue invokeCallbackJSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr& returnedException return...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by