Lucene search
+L

380 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2019-13611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...

8.8CVSS6.9AI score0.00828EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.7 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

8.1CVSS6.8AI score0.00202EPSS
Exploits1References1
NVD
NVD
added 2025/08/22 4:15 p.m.8 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

8.1CVSS0.00202EPSS
Exploits1References1
OSV
OSV
added 2025/08/22 4:15 p.m.6 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

8.1CVSS5.8AI score0.00202EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.9 views

PT-2025-34373 · Shopizer · Shopizer

Name of the Vulnerable Software and Affected Versions: Shopizer version 3.2.7 Description: The server’s Cross-Origin Resource Sharing CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling...

8.1CVSS6.6AI score0.00202EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.4 views

Shopizer 安全漏洞

Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security vulnerability exists in Shopizer version 3.2.7, which stems from a CORS implementation that does not validate the Origin header, which could result in a cross-domain read of a sensitive response...

8.1CVSS6.6AI score0.00202EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.14 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

0.00202EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.4 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

6.7AI score0.00202EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/21 12:26 a.m.20 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS7.1AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2025/08/19 3:15 p.m.59 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 12:0 a.m.10 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

7AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/19 12:0 a.m.57 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.16 views

PT-2025-33735 · Unknown · Nginx Proxy Manager

Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager version 2.12.3 Description: A Cross-Origin Resource Sharing CORS misconfiguration allows unauthorized domains to access sensitive data, specifically JSON Web Tokens JWT, due to improper validation of the Origin header. Thi...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References7
OSV
OSV
added 2025/08/19 12:0 a.m.4 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS6.8AI score0.00356EPSS
Exploits0References4
CVE
CVE
added 2025/08/19 12:0 a.m.31 views

CVE-2025-50579

CVE-2025-50579 affects Nginx Proxy Manager v2.12.3, where a CORS misconfiguration allows unauthorized domains to access sensitive data (JWT tokens) due to improper Origin header validation. Attack possible via a simple browser script to exfiltrate tokens to a remote server, potentially enabling u...

5.3CVSS7AI score0.00356EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-20146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, whi...

9.8CVSS7.8AI score0.00699EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/17 11:11 p.m.11 views

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning...

5.3CVSS7.2AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2025/08/16 4:16 a.m.10 views

CVE-2025-7664

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the checkactivatepermission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

7.5CVSS0.00485EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.16 views

CVE-2025-7664 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the checkactivatepermission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

7.5CVSS0.00485EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/16 3:38 a.m.7 views

CVE-2025-7664 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the checkactivatepermission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References4
Rows per page
Query Builder