Lucene search
+L

161 matches found

Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-21761 CORS Misconfiguration in DevOps Loop

HCL DevOps Loop is affected by a Cross-Origin Resource Sharing CORS misconfiguration. Improper CORS configuration may allow unauthorized cross-origin requests, potentially exposing application resources to untrusted domains...

4.2CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 10:16 a.m.10 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:51 a.m.8 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 8:51 a.m.10 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 8:51 a.m.15 views

CVE-2026-56458

Technical details about CVE-2026-56458 are not publicly available in the provided documents. No affected versions, root cause specifics, exploits, or mitigations are disclosed here. Monitor for updates from vendors or CVE pages.

7.5CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/09 8:51 a.m.36 views

CVE-2026-56458 HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:39 p.m.46 views

CVE-2026-12084 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:39 p.m.8 views

CVE-2026-12084

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53967

Name of the Vulnerable Software and Affected Versions IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0 Description Cross-Origin Resource Sharing CORS, a mechanism that allows restricted resources on a web page to be requested from another domain, is...

7.5CVSS5.9AI score0.00162EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:51 p.m.10 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains (CVE-2026-12084)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. CVE-2026-12084. Vulnerability Details...

7.5CVSS5.9AI score0.00162EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/12 4:16 p.m.17 views

CVE-2026-50087

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00204EPSS
Exploits1References2
NVD
NVD
added 2026/06/12 4:16 p.m.15 views

CVE-2026-50088

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00215EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.29 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00215EPSS
Exploits1References2
CVE
CVE
added 2026/06/12 3:1 p.m.23 views

CVE-2026-50088

The CVE-2026-50088 entry concerns cross-origin request sharing in Aqara’s Developer Portal (developer.aqara.com) and its shared test environments (developer-test.aqara.com, aiot-test.aqara.com). The issue is CWE-942: Permissive Cross-domain Policy with Untrusted Domains, with CVSS v3.1 vector AV:...

8.2CVSS5.3AI score0.00215EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/12 3:1 p.m.8 views

EUVD-2026-36478

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.3AI score0.00215EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.29 views

CVE-2026-50087 Aqara IAM/SSO Gateway cross-origin resource sharing

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00204EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.11 views

CVE-2026-50087 Aqara IAM/SSO Gateway cross-origin resource sharing

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.3AI score0.00204EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/12 3:1 p.m.8 views

EUVD-2026-36477

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.2AI score0.00204EPSS
Exploits1References2
Rows per page
Query Builder