Vulnerabilities of type CWE-346

379 results
CVE-2026-6662 | MEDIUM | ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy | EPSS 0.2%
CVE-2025-7659 | HIGH | Origin Validation Error in GitLab | EPSS 0.2%
CVE-2026-35577 | MEDIUM | Missing Host Header Validation in Apollo MCP Server for Localhost Deployments | EPSS 0.2%
CVE-2026-41700 | HIGH | Cross-Site WebSocket Hijacking in Spring for GraphQL | EPSS 0.2%
CVE-2026-26861 | HIGH | CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreview | EPSS 0.2%
CVE-2023-44189 | MEDIUM | Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability | EPSS 0.2%
CVE-2024-45495 | MEDIUM | MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. | EPSS 0.2%
CVE-2025-25302 | HIGH | Rembg CORS misconfiguration | EPSS 0.2%
CVE-2023-27944 | HIGH | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An | EPSS 0.2%
CVE-2023-5973 | MEDIUM | Truncated port name | EPSS 0.2%
CVE-2026-11083 | MEDIUM | Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data | EPSS 0.2%
CVE-2026-11200 | MEDIUM | Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a cra | EPSS 0.2%
CVE-2026-11176 | MEDIUM | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a craf | EPSS 0.2%
CVE-2026-11084 | MEDIUM | Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data | EPSS 0.2%
CVE-2026-11032 | MEDIUM | Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data | EPSS 0.2%
CVE-2025-23109 | MEDIUM | Address bar spoofing on iOS using long hostnames | EPSS 0.2%
CVE-2026-40594 | MEDIUM | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | EPSS 0.2%
CVE-2026-40622 | MEDIUM | Another 'ghost domain names' attack variant | EPSS 0.2%
CVE-2025-59957 | HIGH | Junos OS: EX4600 Series and QFX5000 Series: An attacker with physical access can open a persistent backdoor | EPSS 0.2%
CVE-2026-7581 | MEDIUM | alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy | EPSS 0.2%