CVE-2024-41659

CVSS v3 Score
8.1
High

Vulnerability Description

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0.
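The misconfiguration described above, next to an exact-match allowlist and a check that tells them apart. This is an added example, not code from memos or from the advisory; the middleware names, the /api/notes path and the two example origins are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// reflectingCORS reproduces the described pattern: any Origin is echoed
// back and credentials are allowed.
func reflectingCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if o := r.Header.Get("Origin"); o != "" {
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

// allowlistCORS emits CORS headers only for exact-match trusted origins.
func allowlistCORS(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin") // response differs per Origin
		if o := r.Header.Get("Origin"); allowed[o] {
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

// reflectsUntrustedOrigin sends one request with a constructed probe origin
// and reports whether the handler echoes it with credentials allowed.
func reflectsUntrustedOrigin(h http.Handler) bool {
	const probe = "https://untrusted.example" // constructed value
	req := httptest.NewRequest(http.MethodGet, "/api/notes", nil)
	req.Header.Set("Origin", probe)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	hdr := rec.Result().Header
	return hdr.Get("Access-Control-Allow-Origin") == probe &&
		hdr.Get("Access-Control-Allow-Credentials") == "true"
}

func main() {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "{}") })
	trusted := map[string]bool{"https://notes.example": true} // constructed
	fmt.Println("reflecting:", reflectsUntrustedOrigin(reflectingCORS(api)))
	fmt.Println("allowlist: ", reflectsUntrustedOrigin(allowlistCORS(trusted, api)))
}
```

The same check works as a regression test in a service's own test suite: wrap the real router in place of the stand-in handler.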

CVSS:8.1(High)

Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.

CVSS:7.5(High)

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

CVSS:7.5(High)

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

CVSS:7.5(High)

Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected insta...

CVSS:7.5(High)

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain ...

CVSS:7.4(High)

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further acces...