Browse and filter security vulnerabilities across ecosystems
Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass
Apache NiFi: Missing Validation for Proxy Host Headers
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations
webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebin...
Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure
Cross-Site WebSocket Hijacking in Spring for GraphQL
Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
Insufficient verification that responses belong to a query
Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform
gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection
CORS Origin Validation Bypass in jupyter-server
AIOHTTP vulnerable to cross-origin redirect with per-request cookies
NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping
SillyTavern: Authentication Bypass via SSO Header Injection
Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection
RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console
Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin
An origin validation error vulnerability in Synology Assistant before 7