CWE-346 flaws

379 results
CVE-2026-34928 | HIGH | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. | EPSS 0.2%
CVE-2025-63386 | CRITICAL | A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint | EPSS 0.2%
CVE-2023-32993 | MEDIUM | Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configur | EPSS 0.2%
CVE-2025-10193 | HIGH | Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks | EPSS 0.2%
CVE-2026-8971 | MEDIUM | Same-origin policy bypass in the Networking: JAR component | EPSS 0.2%
CVE-2024-2377 | HIGH | A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this | EPSS 0.2%
CVE-2024-28883 | HIGH | BIG-IP APM browser network access VPN client vulnerability | EPSS 0.2%
CVE-2024-51072 | MEDIUM | An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via EC | EPSS 0.2%
CVE-2026-45021 | MEDIUM | Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin | EPSS 0.2%
CVE-2023-28794 | MEDIUM | PAC Files Exposed to Internet Websites | EPSS 0.2%
CVE-2025-5263 | MEDIUM | Error handling for script execution was incorrectly isolated from web content | EPSS 0.2%
CVE-2025-51605 | HIGH | An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access- | EPSS 0.2%
CVE-2023-27932 | MEDIUM | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, t | EPSS 0.2%
CVE-2026-11133 | MEDIUM | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via | EPSS 0.2%
CVE-2026-34373 | MEDIUM | Parse Server: GraphQL API endpoint ignores CORS origin restriction | EPSS 0.2%
CVE-2026-11132 | MEDIUM | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via | EPSS 0.2%
CVE-2026-6734 | HIGH | undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse | EPSS 0.2%
CVE-2025-63388 | CRITICAL | A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. Th | EPSS 0.2%
CVE-2026-5283 | MEDIUM | Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a cra | EPSS 0.2%
CVE-2023-29751 | MEDIUM | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the S | EPSS 0.2%