Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5647
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
7.5
CVSSv3
CVE-2023-49803
@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origi...
Koajs Cross-origin Resource Sharing For Koa
7.5
CVSSv3
CVE-2021-36773
uBlock Origin prior to 1.36.2 and nMatrix prior to 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functional...
Sciruby Nmatrix
Ublockorigin Ublock Origin
Umatrix Project Umatrix
Debian Debian Linux 9.0
NA
CVE-2013-1727
Mozilla Firefox prior to 24.0 on Android allows malicious users to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
Mozilla Firefox 19.0
Mozilla Firefox 22.0
Mozilla Firefox 20.0
Mozilla Firefox
Mozilla Firefox 19.0.2
Mozilla Firefox 19.0.1
Mozilla Firefox 23.0
Mozilla Firefox 21.0
Mozilla Firefox 20.0.1
1 EDB exploit
NA
CVE-2010-1663
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome prior to 4.1.249.1064 allows remote malicious users to bypass the Same Origin Policy via unspecified vectors.
Google Chrome 4.1.249.1006
Google Chrome 4.1.249.1001
Google Chrome 4.1.249.1004
Google Chrome 4.1.249.1012
Google Chrome 4.1.249.1013
Google Chrome 4.1.249.1021
Google Chrome 4.1.249.1022
Google Chrome 4.1.249.1029
Google Chrome 4.1.249.1030
Google Chrome 4.1.249.1042
Google Chrome 4.1.249.1045
Google Chrome 4.1.249.1053
Google Chrome 4.1.249.1054
Google Chrome 4.1.249.1061
Google Chrome 4.1.249.1062
Google Chrome 3.0.195.37
Google Chrome 3.0.195.33
Google Chrome 2.0.172.38
Google Chrome 2.0.157.2
Google Chrome 2.0.172.31
Google Chrome 2.0.172.30
Google Chrome 2.0.169.0
1 EDB exploit
8.8
CVSSv3
CVE-2019-6739
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the...
Malwarebytes Antimalware 3.6.1.2711
NA
CVE-2011-0536
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dyna...
Gnu Glibc 2.5-49.el5 5.6
Gnu Glibc 2.12-1.7.el6 0.3
Redhat Enterprise Linux
1 EDB exploit
NA
CVE-2001-0898
Opera 6.0 and previous versions allows remote malicious users to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
Opera Software Opera Web Browser
1 EDB exploit
5.3
CVSSv3
CVE-2017-18016
Parity Browser 1.6.10 and previous versions allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
Parity Browser 1.6.10
1 EDB exploit
4.3
CVSSv3
CVE-2018-0269
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote malicious user to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Reso...
Cisco Digital Network Architecture Center 1.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »