380 matches found
Origin Validation Error
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Origin Validation Error via improper validation of the Origin HTTP header in the Observability AI Assistant. An attacker can make...
CVE-2025-37734
CVE-2025-37734 describes an Origin Validation Error in Kibana that can enable Server-Side Request Forgery when a forged Origin header is processed by the Observability AI Assistant. Publicly cited details indicate affected Kibana versions include 8.12.x prior to 8.19.7, 9.1.x prior to 9.1.7, and ...
EUVD-2025-124976
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
CVE-2025-37734 Kibana Origin Validation Error
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
CVE-2025-37734 Kibana Origin Validation Error
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
PT-2025-46587
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An origin validation error in Kibana may allow for Server-Side Request Forgery SSRF through a manipulated Origin HTTP header. This manipulation occurs during processing by the Observability AI...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
EUVD-2025-36363
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523
PLOS (PILOS) before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header...
EUVD-2025-34775
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration...
GHSA-9329-MXXW-QWF8 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header...
CVE-2025-53092
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...
EUVD-2017-17298
Malware in sbrugna...
EUVD-2019-7978
Malware in sbrugna...
EUVD-2018-18398
Malware in sbrugna...