Lucene search
+L

380 matches found

Snyk
Snyk
added 2025/11/12 9:57 a.m.4 views

Origin Validation Error

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Origin Validation Error via improper validation of the Origin HTTP header in the Observability AI Assistant. An attacker can make...

5.3CVSS6.8AI score0.00199EPSS
Exploits0References2
CVE
CVE
added 2025/11/12 9:57 a.m.14 views

CVE-2025-37734

CVE-2025-37734 describes an Origin Validation Error in Kibana that can enable Server-Side Request Forgery when a forged Origin header is processed by the Observability AI Assistant. Publicly cited details indicate affected Kibana versions include 8.12.x prior to 8.19.7, 9.1.x prior to 9.1.7, and ...

4.3CVSS6.4AI score0.00199EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/12 9:57 a.m.9 views

EUVD-2025-124976

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

4.3CVSS6.3AI score0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/12 9:57 a.m.4 views

CVE-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

4.3CVSS6.4AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 9:57 a.m.7 views

CVE-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

4.3CVSS6.1AI score0.00199EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.6 views

PT-2025-46587

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An origin validation error in Kibana may allow for Server-Side Request Forgery SSRF through a manipulated Origin HTTP header. This manipulation occurs during processing by the Observability AI...

4.3CVSS6.6AI score0.00199EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/10/27 8:10 p.m.4 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.5AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/27 8:10 p.m.7 views

EUVD-2025-36363

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.4AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 8:10 p.m.13 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS0.00186EPSS
Exploits0References2
CVE
CVE
added 2025/10/27 8:10 p.m.14 views

CVE-2025-62523

PLOS (PILOS) before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...

6.3CVSS6.5AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/27 8:10 p.m.7 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.9AI score0.00186EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/16 7:49 p.m.9 views

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header...

6.5CVSS6.8AI score0.00269EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/16 7:49 p.m.6 views

EUVD-2025-34775

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration...

6.5CVSS6.3AI score0.00269EPSS
Exploits1References4
OSV
OSV
added 2025/10/16 7:49 p.m.4 views

GHSA-9329-MXXW-QWF8 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header...

7.5CVSS6.8AI score0.00269EPSS
Exploits1References5
NVD
NVD
added 2025/10/16 5:15 p.m.9 views

CVE-2025-53092

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...

6.5CVSS0.00269EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/16 4:29 p.m.5 views

CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...

6.5CVSS6.3AI score0.00269EPSS
Exploits1References1
OSV
OSV
added 2025/10/16 4:29 p.m.6 views

CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...

6.5CVSS6.7AI score0.00269EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-17298

Malware in sbrugna...

8.8CVSS8.8AI score0.02597EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7978

Malware in sbrugna...

7.5CVSS8AI score0.03043EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-18398

Malware in sbrugna...

9.3CVSS8.8AI score0.02122EPSS
Exploits0References4
Rows per page
Query Builder