5 matches found
CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
UBUNTU-CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
UBUNTU-CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
DEBIAN-CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
DEBIAN-CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...