Browse and filter security vulnerabilities across ecosystems
AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses
pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy
farion1231 cc-switch ProxyServer server.rs cross-domain policy
Missing Host Header Validation in Apollo MCP Server for Localhost Deployments
Zammad has an origin validation error in SSO mechanism
MCP Java-SDK has a DNS Rebinding Vulnerability
Directus is Missing Cross-Origin Opener Policy
Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim
Electron: Incorrect origin passed to permission request handler for iframe requests
signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
vanna-ai vanna FastAPI/Flask Server cross-domain policy
HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core
Parse Server: GraphQL API endpoint ignores CORS origin restriction
CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability
pyload-ng: Improper Authentication and Origin Validation Error
Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API
Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API
Cryptomator: Tampered vault configuration allows MITM attack on Hub API
Showing 1 - 20 of 1,000+ results