Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2020-0647
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
Microsoft Office Online Server -
1 Article
516
VMScore
CVE-2020-0695
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.
Microsoft Office Online Server -
2 Articles
383
VMScore
CVE-2015-9243
When server level, connection level or route level CORS configurations in hapi node module prior to 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have ...
Hapijs Hapi
383
VMScore
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. T...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
NA
CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can s...
Canonical Ubuntu Linux 22.04
Amd Ryzen 7 4800u -
Intel Core I7-10510u -
Intel Core I7-12700k -
Intel Core I7-8700 -
Microsoft Windows 11 -
Intel Core I7-10610u -
Intel Core I7-11800h -
Nvidia Geforce Rtx 3060 -
Microsoft Windows 10 -
Amd Ryzen 5 7600x -
Nvidia Geforce Rtx 2080 Super -
Apple Macos 13.1
Apple M1 Mac Mini -
Google Android 13.0
Google Pixel 6 -
383
VMScore
CVE-2015-1646
Microsoft XML Core Services (aka MSXML) 3.0 allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."
Microsoft Xml Core Services 3.0
383
VMScore
CVE-2021-30615
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Fedoraproject Fedora 35
Microsoft Edge
Microsoft Edge Chromium
516
VMScore
CVE-2019-1445
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.
Microsoft Office Online Server -
1 Article
516
VMScore
CVE-2019-1447
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.
Microsoft Office Online Server -
1 Article
605
VMScore
CVE-2016-6806
Apache Wicket 6.x prior to 6.25.0, 7.x prior to 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin w...
Apache Wicket 6.24.0
Apache Wicket 6.21.0
Apache Wicket 6.22.0
Apache Wicket 6.23.0
Apache Wicket 6.20.0
Apache Wicket 7.0.0
Apache Wicket 7.1.0
Apache Wicket 7.2.0
Apache Wicket 7.3.0
Apache Wicket 7.4.0
Apache Wicket 8.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »