Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-0647
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
Microsoft Office Online Server -
1 Article
5.8
CVSSv2
CVE-2020-0695
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.
Microsoft Office Online Server -
2 Articles
4.3
CVSSv2
CVE-2015-9243
When server level, connection level or route level CORS configurations in hapi node module prior to 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have ...
Hapijs Hapi
4.3
CVSSv2
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. T...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
NA
CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can s...
Canonical Ubuntu Linux 22.04
Amd Ryzen 7 4800u -
Intel Core I7-10510u -
Intel Core I7-12700k -
Intel Core I7-8700 -
Microsoft Windows 11 -
Intel Core I7-10610u -
Intel Core I7-11800h -
Nvidia Geforce Rtx 3060 -
Microsoft Windows 10 -
Amd Ryzen 5 7600x -
Nvidia Geforce Rtx 2080 Super -
Apple Macos 13.1
Apple M1 Mac Mini -
Google Android 13.0
Google Pixel 6 -
4.3
CVSSv2
CVE-2015-1646
Microsoft XML Core Services (aka MSXML) 3.0 allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."
Microsoft Xml Core Services 3.0
5.8
CVSSv2
CVE-2019-1445
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.
Microsoft Office Online Server -
1 Article
5.8
CVSSv2
CVE-2019-1447
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.
Microsoft Office Online Server -
1 Article
4.3
CVSSv2
CVE-2021-30615
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Fedoraproject Fedora 35
Microsoft Edge
Microsoft Edge Chromium
6.8
CVSSv2
CVE-2016-6806
Apache Wicket 6.x prior to 6.25.0, 7.x prior to 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin w...
Apache Wicket 6.24.0
Apache Wicket 6.21.0
Apache Wicket 6.22.0
Apache Wicket 6.23.0
Apache Wicket 6.20.0
Apache Wicket 7.0.0
Apache Wicket 7.1.0
Apache Wicket 7.2.0
Apache Wicket 7.3.0
Apache Wicket 7.4.0
Apache Wicket 8.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »