2 matches found
CVE-2026-56277
Flowise (pre-3.1.2) exposes a security flaw in its text-to-speech (TTS) endpoint. The endpoint at packages/server/src/controllers/text-to-speech/index.ts sets Access-Control-Allow-Origin to a hardcoded wildcard (*), bypassing the server’s configured CORS policy and enabling cross-origin requests ...
CVE-2026-34237
CVE-2026-34237 affects MCP Java SDK. A hardcoded wildcard CORS configuration (Access-Control-Allow-Origin: *) existed in versions before 0.83.0, 1.0.1, and 1.1.1, allowing cross-origin requests to server endpoints (including SSE paths). The issue has been patched in those versions (0.83.0, 1.0.1,...