Lucene search
+L

186 matches found

osv
osv
added 2025/08/06 9:15 p.m.5 views

UBUNTU-CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS6.6AI score0.00572EPSS
Exploits0References5
debiancve
debiancve
added 2025/08/06 8:41 p.m.6 views

CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS7AI score0.00572EPSS
Exploits0
osv
osv
added 2025/08/06 8:41 p.m.4 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS6.9AI score0.00572EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/08/06 8:41 p.m.5 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

6.3AI score0.00572EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/08/06 12:0 a.m.7 views

Go CORS handler 安全漏洞

Go CORS handler is a configurable handler for handling CORS requests by the individual developer Olivier Poitrey. A security vulnerability exists in Go CORS handler that stems from a potential over-allocation of heap when handling malicious preflight requests, which could lead to a denial of...

7.5CVSS6.3AI score0.00572EPSS
Exploits0References3
susecve
susecve
added 2025/07/23 11:25 p.m.4 views

SUSE CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

6.8CVSS7.4AI score0.00417EPSS
Exploits0References6
nvd
nvd
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS0.00417EPSS
Exploits0References6
alpinelinux
alpinelinux
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS6AI score0.00417EPSS
Exploits0References6
osv
osv
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References6
osv
osv
added 2025/07/22 9:15 p.m.5 views

UBUNTU-CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS7.5AI score0.00417EPSS
Exploits0References9
attackerkb
attackerkb
added 2025/07/22 8:49 p.m.3 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References6
debiancve
debiancve
added 2025/07/22 8:49 p.m.7 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS8AI score0.00417EPSS
Exploits0
mozilla
mozilla
added 2025/07/22 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 140.1 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.8AI score0.00472EPSS
Exploits0References14Affected Software1
freebsd
freebsd
added 2025/07/22 12:0 a.m.7 views

Mozilla -- CORS circumvention

[email protected] reports: Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding...

8.1CVSS6.7AI score0.00417EPSS
Exploits0References1
susecve
susecve
added 2025/02/14 6:24 a.m.4 views

SUSE CVE-2023-34049

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...

8.4CVSS7.2AI score0.00187EPSS
Exploits0References18
cnnvd
cnnvd
added 2024/11/14 12:0 a.m.5 views

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...

6.7CVSS7.2AI score0.00187EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/09/02 12:0 a.m.6 views

PT-2024-9154 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 Nextcloud Server versions prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8 Nextcloud Enterprise Server versions prior to 28.0.10 Nextcloud Enterprise Server versions prior to...

6.8CVSS7AI score0.00779EPSS
Exploits0References10
veracode
veracode
added 2024/07/08 7:28 a.m.13 views

Denial Of Service (DoS)

github.com/rs/cors is vulnerable to Denial of Service DoS. The vulnerability is due to excessive heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers ACRH header with many commas, which allows attackers can cause undue stress on the...

7AI score
Exploits0
github
github
added 2024/07/05 7:42 p.m.14 views

Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS7AI score0.00572EPSS
Exploits0References6Affected Software1
githubexploit
githubexploit
added 2024/04/04 1:31 p.m.298 views

Exploit for Embedded Malicious Code in Tukaani Xz

ansible-CVE-2024-3094 Ansible playbooks designed to check and...

10CVSS9.8AI score0.85974EPSS
Exploits40
Rows per page
Query Builder