Flaws of type CWE-346

379 results
CVE-2024-55917 | HIGH | An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installatio | EPSS 0.3%
CVE-2022-45139 | MEDIUM | WAGO: Origin validation error through CORS misconfiguration | EPSS 0.3%
CVE-2024-45352 | HIGH | Xiaomi smarthome application Webview has code execution vulnerability | EPSS 0.3%
CVE-2026-37977 | LOW | Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim | EPSS 0.3%
CVE-2020-15104 | MEDIUM | TLS Validation Vulnerability in Envoy | EPSS 0.3%
CVE-2025-4839 | LOW | itwanger paicoding CrossUtil.java cross-domain policy | EPSS 0.3%
CVE-2024-44212 | MEDIUM | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS | EPSS 0.3%
CVE-2026-34927 | HIGH | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. | EPSS 0.2%
CVE-2026-34929 | HIGH | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. | EPSS 0.2%
CVE-2024-6674 | HIGH | Data Leak through CORS Misconfiguration in parisneo/lollms-webui | EPSS 0.2%
CVE-2026-27192 | HIGH | Feathers has an origin validation bypass via prefix matching | EPSS 0.2%
CVE-2025-59159 | CRITICAL | SillyTavern Web Interface Vulnerable to DNS Rebinding | EPSS 0.2%
CVE-2025-3071 | MEDIUM | Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage | EPSS 0.2%
CVE-2023-37210 | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spo | EPSS 0.2%
CVE-2025-23023 | HIGH | Anonymous cache poisoning via request headers in Discourse | EPSS 0.2%
CVE-2024-55948 | HIGH | Anonymous cache poisoning via XHR requests in Discourse | EPSS 0.2%
CVE-2025-9180 | HIGH | Same-origin policy bypass in the Graphics: Canvas2D component | EPSS 0.2%
CVE-2025-8881 | MEDIUM | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engag | EPSS 0.2%
CVE-2026-2790 | HIGH | Same-origin policy bypass in the Networking: JAR component | EPSS 0.2%
CVE-2026-27579 | HIGH | CollabPlatform : CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure | EPSS 0.2%