Flaws of type CWE-346

379 results
CVE-2026-35408 | HIGH | Directus is Missing Cross-Origin Opener Policy | EPSS 0.2%
CVE-2024-8183 | HIGH | CORS Misconfiguration in prefecthq/prefect | EPSS 0.2%
CVE-2024-6301 | MEDIUM | Origin Validation Error in Conduit | EPSS 0.2%
CVE-2025-42706 | MEDIUM | CrowdStrike Falcon Sensor for Windows Logic Error | EPSS 0.2%
CVE-2022-32144 | HIGH | There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to servi | EPSS 0.2%
CVE-2023-44190 | MEDIUM | Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability | EPSS 0.2%
CVE-2025-42998 | MEDIUM | Security misconfiguration vulnerability in SAP Business One Integration Framework | EPSS 0.2%
CVE-2025-43929 | MEDIUM | open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked f | EPSS 0.2%
CVE-2023-28191 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4 | EPSS 0.2%
CVE-2025-25306 | CRITICAL | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes | EPSS 0.2%
CVE-2025-11304 | MEDIUM | CodeCanyon/ui-lib Mentor LMS API cross-domain policy | EPSS 0.2%
CVE-2026-11036 | MEDIUM | Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a cra | EPSS 0.2%
CVE-2024-22062 | MEDIUM | Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI | EPSS 0.2%
CVE-2026-11081 | MEDIUM | Inappropriate implementation in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a | EPSS 0.2%
CVE-2026-37737 | MEDIUM | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.ma | EPSS 0.2%
CVE-2025-62250 | MEDIUM | Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 thro | EPSS 0.2%
CVE-2024-32642 | HIGH | Host header poisoning allows account takeover via password reset email | EPSS 0.2%
CVE-2026-9595 | MEDIUM | webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies | EPSS 0.2%
CVE-2026-5321 | MEDIUM | vanna-ai vanna FastAPI/Flask Server cross-domain policy | EPSS 0.2%
CVE-2026-54007 | HIGH | Open WebUI: Cross-origin postMessage confirmation bypass via action:submit | EPSS 0.2%