Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
Gorillatoolkit Handlers
9.8
CVSSv3
CVE-2020-26527
An issue exists in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header.
Damstratechnology Smart Asset 2020.7
1 Github repository
7.5
CVSSv3
CVE-2015-5236
It exists that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass...
Icedtea-web Project Icedtea-web -
8.8
CVSSv3
CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
Plex Media Server
5.4
CVSSv3
CVE-2020-0647
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
Microsoft Office Online Server -
1 Article
5.4
CVSSv3
CVE-2020-0695
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.
Microsoft Office Online Server -
2 Articles
5.9
CVSSv3
CVE-2015-9243
When server level, connection level or route level CORS configurations in hapi node module prior to 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have ...
Hapijs Hapi
6.5
CVSSv3
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. T...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
5.3
CVSSv3
CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can s...
Canonical Ubuntu Linux 22.04
Amd Ryzen 7 4800u -
Intel Core I7-10510u -
Intel Core I7-12700k -
Intel Core I7-8700 -
Microsoft Windows 11 -
Intel Core I7-10610u -
Intel Core I7-11800h -
Nvidia Geforce Rtx 3060 -
Microsoft Windows 10 -
Amd Ryzen 5 7600x -
Nvidia Geforce Rtx 2080 Super -
Apple Macos 13.1
Apple M1 Mac Mini -
Google Android 13.0
Google Pixel 6 -
NA
CVE-2015-1646
Microsoft XML Core Services (aka MSXML) 3.0 allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."
Microsoft Xml Core Services 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »