EUVD-2026-34215

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

ceph: RGW crash upon misconfigured CORS rule

A flaw was found in Ceph. Certain misconfigurations of CORS rules in Ceph could result in a significantly large memory allocation. This issue can lead to RGW crashing and a denial of service from an authenticated user on the network...

Cloudflare Public Bug Bounty: HTTP request smuggling with Origin Rules using newlines in the host_header action parameter

The hostheader action parameter available to rulesets in the Origin Rules API lacked sufficient input validation i.e., allowing CRLF characters. Because of this, it was possible to inject arbitrary headers and, as a consequence, smuggle HTTP requests. This vulnerability enabled bypassing security...