Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/06/25 6:5 p.m.4 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.8AI score0.00409EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 6:5 p.m.37 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.10 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/19 2:20 p.m.10 views

EUVD-2026-37760

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Origin Validation Error

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 4:36 p.m.23 views

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

7.5CVSS0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50513

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 8.1.0 Description When using Socks5ProxyAgent, the software reuses a single connection pool across different origins without verifying if the pool's origin matches the requested origin. This leads to cross-origin...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References60
Rows per page
Query Builder