Search Vulnerabilities

AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover

Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS

ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy

farion1231 cc-switch ProxyServer server.rs cross-domain policy

Permissive Cross-domain Policy with Untrusted Domains in coolercontrold

Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

vanna-ai vanna FastAPI/Flask Server cross-domain policy

SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)

Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability

mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

qui CORS Misconfiguration: Arbitrary Origins Trusted

Glances's Default CORS Configuration Allows Cross-Origin Credential Theft

AnythingLLM Permissable CORS policy

Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

CollabPlatform : CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure

Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers