Vulnerabilities of type CWE-346

379 results
CVE-2022-30228 (HIGH): A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin r [EPSS 0.4%]
CVE-2022-38472 (MEDIUM): An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the ad [EPSS 0.4%]
CVE-2026-25604 (MEDIUM): Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass [EPSS 0.4%]
CVE-2024-10534 (HIGH): Improper Access Control in Dataprom Informatics' PACS-ACSS [EPSS 0.4%]
CVE-2022-46718: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big S [EPSS 0.4%]
CVE-2025-71214 (HIGH): An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate priv [EPSS 0.4%]
CVE-2026-20643 (MEDIUM): A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvem [EPSS 0.4%]
CVE-2024-36303 (HIGH): An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecte [EPSS 0.4%]
CVE-2023-30856 (HIGH): eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution [EPSS 0.3%]
CVE-2024-44734 (HIGH): Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction [EPSS 0.3%]
CVE-2023-28164 (MEDIUM): Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Th [EPSS 0.3%]
CVE-2024-57965 (NONE): In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted s [EPSS 0.3%]
CVE-2023-26114 (HIGH): Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vuln [EPSS 0.3%]
CVE-2025-71213 (HIGH): An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installatio [EPSS 0.3%]
CVE-2022-50925 (HIGH): Prowise Reflect v1.0.9 - Remote Keystroke Injection [EPSS 0.3%]
CVE-2026-6903 (HIGH): Path Traversal Vulnerability in LabOne User Interface [EPSS 0.3%]
CVE-2024-28224 (MEDIUM): Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauth [EPSS 0.3%]
CVE-2024-0749 (MEDIUM): A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerab [EPSS 0.3%]
CVE-2024-0814 (MEDIUM): Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a c [EPSS 0.3%]
CVE-2024-10956 (HIGH): Cross-Site WebSocket Hijacking in binary-husky/gpt_academic [EPSS 0.3%]