3 matches found
CVE-2026-56277
Flowise (pre-3.1.2) exposes a security flaw in its text-to-speech (TTS) endpoint. The endpoint at packages/server/src/controllers/text-to-speech/index.ts sets Access-Control-Allow-Origin to a hardcoded wildcard (*), bypassing the server’s configured CORS policy and enabling cross-origin requests ...
EUVD-2026-32527
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...
PT-2025-5257 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.0.9 Vite versions prior to 5.4.12 Vite versions prior to 4.5.6 Description: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of...