CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•7 views

CVE-2026-45173

8.4CVSS

CVE•added yesterday•8 views

CVE-2026-45173

The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...

8.4CVSS5.8AI score

Cvelist•added yesterday•28 views

CVE-2026-45173 Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

8.4CVSS

Positive Technologies•added yesterday•6 views

PT-2026-48789

8.4CVSS5.8AI score

RedhatCVE•added 4 days ago•5 views

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

6.3CVSS5.6AI score0.00018EPSS

NVD•added 4 days ago•6 views

CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS0.00018EPSS

Cvelist•added 4 days ago•36 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

6.3CVSS0.00018EPSS

CVE•added 4 days ago•12 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

Vulnrichment•added 4 days ago•3 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

EUVD•added 4 days ago•5 views

EUVD-2026-35073

OSV•added 4 days ago•5 views

EEF-CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Summary Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised...

Positive Technologies•added 4 days ago•5 views

PT-2026-47298

Name of the Vulnerable Software and Affected Versions ninenines gun versions 2.0.0 through 2.3.x Description An origin validation error in the gun http2 module allows cross-origin cookie injection through an unvalidated HTTP/2 PUSH PROMISE authority. In the push promise frame function, the...

6.3CVSS5.6AI score0.00018EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:51 p.m.•4 views

CVE-2025-71217

An origin validation error vulnerability in the Trend Micro Apex One mac agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS7.5AI score0.0001EPSS

RedhatCVE•added 2026/06/05 7:51 p.m.•6 views

CVE-2025-71214

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7.8CVSS7.5AI score0.0001EPSS

RedhatCVE•added 2026/06/05 7:31 p.m.•9 views

CVE-2025-71213

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.5AI score0.0001EPSS

RedhatCVE•added 2026/06/05 7:22 p.m.•6 views

CVE-2026-34930

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute...

7.8CVSS7.1AI score0.00008EPSS

RedhatCVE•added 2026/06/05 7:22 p.m.•5 views

CVE-2026-34929

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to...

7.8CVSS7.1AI score0.00014EPSS

RedhatCVE•added 2026/06/05 7:22 p.m.•5 views

CVE-2026-34927

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.1AI score0.00014EPSS

RedhatCVE•added 2026/06/05 7:21 p.m.•4 views

CVE-2026-34928

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...

7.8CVSS7.1AI score0.00008EPSS