Browse and filter security vulnerabilities across ecosystems
CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request
RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console
Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790)
GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools
Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads
ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy
alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy
AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover
Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy
farion1231 cc-switch ProxyServer server.rs cross-domain policy
Permissive Cross-domain Policy with Untrusted Domains in coolercontrold
Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
vanna-ai vanna FastAPI/Flask Server cross-domain policy
SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)
Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface
Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port
Showing 1 - 20 of 1,000+ results