Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2012-5647
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
NA
CVE-2023-49803
@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origi...
Koajs Cross-origin Resource Sharing For Koa
445
VMScore
CVE-2021-36773
uBlock Origin prior to 1.36.2 and nMatrix prior to 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functional...
Sciruby Nmatrix
Ublockorigin Ublock Origin
Umatrix Project Umatrix
Debian Debian Linux 9.0
405
VMScore
CVE-2013-1727
Mozilla Firefox prior to 24.0 on Android allows malicious users to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
Mozilla Firefox 19.0
Mozilla Firefox 22.0
Mozilla Firefox 20.0
Mozilla Firefox
Mozilla Firefox 19.0.2
Mozilla Firefox 19.0.1
Mozilla Firefox 23.0
Mozilla Firefox 21.0
Mozilla Firefox 20.0.1
1 EDB exploit
1000
VMScore
CVE-2010-1663
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome prior to 4.1.249.1064 allows remote malicious users to bypass the Same Origin Policy via unspecified vectors.
Google Chrome 4.1.249.1006
Google Chrome 4.1.249.1001
Google Chrome 4.1.249.1004
Google Chrome 4.1.249.1012
Google Chrome 4.1.249.1013
Google Chrome 4.1.249.1021
Google Chrome 4.1.249.1022
Google Chrome 4.1.249.1029
Google Chrome 4.1.249.1030
Google Chrome 4.1.249.1042
Google Chrome 4.1.249.1045
Google Chrome 4.1.249.1053
Google Chrome 4.1.249.1054
Google Chrome 4.1.249.1061
Google Chrome 4.1.249.1062
Google Chrome 3.0.195.37
Google Chrome 3.0.195.33
Google Chrome 2.0.172.38
Google Chrome 2.0.157.2
Google Chrome 2.0.172.31
Google Chrome 2.0.172.30
Google Chrome 2.0.169.0
1 EDB exploit
605
VMScore
CVE-2019-6739
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the...
Malwarebytes Antimalware 3.6.1.2711
695
VMScore
CVE-2011-0536
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dyna...
Gnu Glibc 2.5-49.el5 5.6
Gnu Glibc 2.12-1.7.el6 0.3
Redhat Enterprise Linux
1 EDB exploit
505
VMScore
CVE-2001-0898
Opera 6.0 and previous versions allows remote malicious users to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
Opera Software Opera Web Browser
1 EDB exploit
505
VMScore
CVE-2017-18016
Parity Browser 1.6.10 and previous versions allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
Parity Browser 1.6.10
1 EDB exploit
383
VMScore
CVE-2018-0269
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote malicious user to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Reso...
Cisco Digital Network Architecture Center 1.1
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »