Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-44212 Origin Validation Error vulnerability in Apple products
A cookie management issue was addressed with improved state management.
network
low complexity
apple CWE-346
5.3
2024-10-29 CVE-2024-6674 Origin Validation Error vulnerability in Lollms web UI
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services.
network
low complexity
lollms CWE-346
7.1
2024-09-17 CVE-2024-44187 Origin Validation Error vulnerability in Apple products
A cross-origin issue existed with "iframe" elements.
network
low complexity
apple CWE-346
6.5
2024-08-12 CVE-2024-41475 Origin Validation Error vulnerability in SIR Gnuboard 6.0.7
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
network
low complexity
sir CWE-346
8.8
2024-08-06 CVE-2024-23458 Origin Validation Error vulnerability in Zscaler Client Connector
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.
local
low complexity
zscaler CWE-346
7.8
2024-08-01 CVE-2024-41926 Origin Validation Error vulnerability in Mattermost Server
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.
network
low complexity
mattermost CWE-346
4.3
2024-07-29 CVE-2024-41143 Origin Validation Error vulnerability in Skygroup Skysea Client View
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e.
local
low complexity
skygroup CWE-346
7.8
2024-07-01 CVE-2024-36421 Origin Validation Error vulnerability in Flowiseai Flowise 1.4.3
Flowise is a drag & drop user interface to build a customized large language model flow.
network
low complexity
flowiseai CWE-346
7.5
2024-06-25 CVE-2024-6301 Origin Validation Error vulnerability in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs
network
low complexity
conduit CWE-346
7.5
2024-06-10 CVE-2024-36303 Origin Validation Error vulnerability in Trendmicro Apex ONE
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302.
local
low complexity
trendmicro CWE-346
7.8