Lucene search
K

366 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-57111

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59804 Midscene Bridge Server - Session Hijack via Unauthenticated WebSocket

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS0.00213EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/06 9:14 p.m.6 views

Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing

Summary Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the...

6.8CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/02 2:49 p.m.30 views

CVE-2026-55110

Summary: CVE-2026-55110 describes a CORS misconfiguration in UniFi OS that could allow a malicious page to trigger actions in UniFi OS using an authenticated user’s session after the user visits a malicious page. Affected software/component: UniFi OS (CORS configuration issue). Root cause: CORS m...

7.5CVSS5.7AI score0.00141EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.9 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54833

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS0.00236EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:51 p.m.9 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains (CVE-2026-12084)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. CVE-2026-12084. Vulnerability Details...

7.5CVSS5.9AI score0.00162EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2026/06/17 6:36 p.m.16 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

hono is vulnerable to Cross-Origin Resource Sharing CORS Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/12 3:1 p.m.17 views

CVE-2026-50087

Technical details (affected product/version, root cause, remediation) are not publicly available in the provided documents. Monitor for updates.

8.2CVSS5.3AI score0.00204EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

Jupyter Server 安全漏洞

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. There are security vulnerabilities in the version of Jupyter Server from 1.12.0 to 2.17.0. These vulnerabilities stem from the use of re.match in CORS source...

8.8CVSS6.1AI score0.00197EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/29 8:4 a.m.10 views

CVE-2026-10056 CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:38 p.m.37 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS0.00279EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-34331

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

7CVSS5.9AI score0.0019EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.14 views

Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

3.1CVSS5.8AI score0.00216EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

open-notebook 安全漏洞

Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.1 of Open-Notebook contains a security vulnerability. This vulnerability stems from improper input validation and overly permissive default CORS configurations. It could allow remote attackers ...

8.7CVSS5.8AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 10:37 p.m.26 views

CVE-2026-41057

CVE-2026-41057 affects WWBN AVideo (versions 29.0 and below). The issue arises from two incomplete CORS mitigations: (1) in plugin/API/router.php (lines 4–8) the server unconditionally reflects arbitrary Origin before application code runs, and (2) get.json.php and set.json.php call allowOrigin(t...

7.1CVSS5.9AI score0.00132EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

PraisonAI 信息泄露漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained an information leakage vulnerability. This vulnerability stemmed from the AgentOS deployment platform not implementing authentication, and the default CORS...

5.3CVSS5.8AI score0.00758EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 8:38 a.m.23 views

CVE-2026-37977

CVE-2026-37977 affects Keycloak’s User-Managed Access (UMA) token endpoint. A flaw in CORS handling arises when the azp claim from a client-supplied JWT is used to set the Access-Control-Allow-Origin header before JWT validation, allowing an attacker-controlled origin to be reflected in responses...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder