Lucene search
K

328 matches found

Snyk
Snyk
added 6 days ago4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the CookieJar process. An attacker can access or manipulate cookies belonging to other hosts by exploiting improper domain matching for IP-address or bare-numeric domains. Remediation Upgrade guzzlehttp/guzzl...

6.1CVSS6.1AI score0.00115EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 10:10 p.m.9 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via insufficient validation of the Origin header and improper handling of request paths in the local HTTP server. An attacker can access and exfiltrate arbitrary local files by sending crafted requests from a...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 9:15 p.m.8 views

Origin Validation Error

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Origin Validation Error via the actionResourceJs process. An attacker can execute arbitrary JavaScript in the context of an administrator's browser and potentially achieve remote code executi...

9.2CVSS6.6AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:52 p.m.4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...

4.2CVSS6AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:52 p.m.6 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...

4.2CVSS6AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:52 p.m.4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...

4.2CVSS6AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Origin Validation Error

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 4:34 p.m.14 views

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

6.3CVSS5.6AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 2:12 p.m.12 views

EUVD-2026-35073

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 2:12 p.m.43 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47298

Name of the Vulnerable Software and Affected Versions ninenines gun versions 2.0.0 through 2.3.x Description An origin validation error in the gun http2 module allows cross-origin cookie injection through an unvalidated HTTP/2 PUSH PROMISE authority. In the push promise frame function, the...

6.3CVSS5.6AI score0.00215EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-71214

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7.8CVSS7.5AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2025-71213

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.5AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.4AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 9:34 p.m.15 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the cookies parameter, which is processed by connectandsendrequest in client.py. An attacker who can control a redirect on a request that passes cookies on a per-request basis can expose data from those...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 a.m.12 views

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 a.m.14 views

CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/05/28 12:0 a.m.16 views

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.8CVSS7AI score0.00246EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 12:26 p.m.14 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...

7.5CVSS6.6AI score0.00827EPSS
Exploits0Affected Software1
Rows per page
Query Builder