Vulnerabilities of type CWE-346

379 results
CVE-2025-14331 | MEDIUM | Same-origin policy bypass in the Request Handling component | EPSS 0.2%
CVE-2026-46611 | MEDIUM | Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack | EPSS 0.2%
CVE-2026-12032 | LOW | Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised | EPSS 0.2%
CVE-2026-11624 | CRITICAL | The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DN | EPSS 0.2%
CVE-2026-32302 | HIGH | OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode | EPSS 0.2%
CVE-2026-11161 | MEDIUM | Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via | EPSS 0.2%
CVE-2026-11178 | MEDIUM | Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin | EPSS 0.2%
CVE-2026-11226 | MEDIUM | Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a u | EPSS 0.2%
CVE-2026-21790 | MEDIUM | HCL Traveler is susceptible to a weak default HTTP header validation vulnerability | EPSS 0.1%
CVE-2026-47265 | MEDIUM | AIOHTTP vulnerable to cross-origin redirect with per-request cookies | EPSS 0.1%
CVE-2026-11217 | MEDIUM | Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rend | EPSS 0.1%
CVE-2026-11243 | MEDIUM | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restriction | EPSS 0.1%
CVE-2025-59845 | HIGH | Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass | EPSS 0.1%
CVE-2026-27824 | MEDIUM | calibre has IP Ban Bypass via X-Forwarded-For Header Spoofing | EPSS 0.1%
CVE-2026-35253 | MEDIUM | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily | EPSS 0.1%
CVE-2023-28795 | HIGH | Client IPC validation bypass | EPSS 0.1%
CVE-2023-23561 | MEDIUM | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | EPSS 0.1%
CVE-2025-46737 | HIGH | Origin Validation Error | EPSS 0.1%
CVE-2026-10846 | HIGH | Insufficient verification that responses belong to a query | EPSS 0.1%
CVE-2025-5824 | MEDIUM | Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability | EPSS 0.1%