Fallos del tipo CWE-346
379 resultadosCVE-2026-5283MEDIUMInappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a craEPSS 0.2%CVE-2024-56170MEDIUMA validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients aEPSS 0.2%CVE-2026-1997MEDIUMCertain HP OfficeJet Pro Printers - Information DisclosureEPSS 0.2%CVE-2026-30964MEDIUMWebauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validationEPSS 0.2%CVE-2025-37734MEDIUMKibana Origin Validation ErrorEPSS 0.2%CVE-2026-44985HIGHDozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authenticationEPSS 0.2%CVE-2026-8950CRITICALSame-origin policy bypass in the Networking: HTTP componentEPSS 0.2%CVE-2025-14279HIGHDNS Rebinding Vulnerability in mlflow/mlflowEPSS 0.2%CVE-2025-62584HIGHWhale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.EPSS 0.2%CVE-2026-11195MEDIUMInappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in spEPSS 0.2%CVE-2023-29753MEDIUMAn issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreferencEPSS 0.2%CVE-2026-12304CRITICALSame-origin policy bypass in the Networking: Cookies componentEPSS 0.2%CVE-2026-6143MEDIUMfarion1231 cc-switch ProxyServer server.rs cross-domain policyEPSS 0.2%CVE-2024-21245MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported versions EPSS 0.2%CVE-2025-21542MEDIUMVulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security).EPSS 0.2%CVE-2026-11693HIGHInappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer EPSS 0.2%CVE-2026-11194MEDIUMInappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crEPSS 0.2%CVE-2026-33314MEDIUMpyload-ng: Improper Authentication and Origin Validation ErrorEPSS 0.2%CVE-2026-27478CRITICALUnity Catalog has a JWT Issuer Validation Bypass Allows Complete User ImpersonationEPSS 0.2%CVE-2024-45354MEDIUMxiaomi shop application Webview has code execution vulnerabilityEPSS 0.2%