CWE-346 vulnerabilities

379 results
CVE-2025-52621 | MEDIUM | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning | EPSS 0.1%
CVE-2024-45353 | MEDIUM | quick App has intent redriction vulnerability | EPSS 0.1%
CVE-2022-29818 | LOW | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed | EPSS 0.1%
CVE-2026-13034 | MEDIUM | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the rendere | EPSS 0.1%
CVE-2026-13021 | MEDIUM | Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass s | EPSS 0.1%
CVE-2024-13068 | HIGH | Host Header Injection in Akinsoft's LimonDesk | EPSS 0.1%
CVE-2026-11278 | MEDIUM | Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin | EPSS 0.1%
CVE-2024-54490 | MEDIUM | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's | EPSS 0.1%
CVE-2025-12905 | MEDIUM | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the | EPSS 0.1%
CVE-2023-47193 | HIGH | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecte | EPSS 0.1%
CVE-2026-41358 | LOW | OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context | EPSS 0.1%
CVE-2026-47825 | HIGH | Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations | EPSS 0.1%
CVE-2025-1102 | MEDIUM | A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticat | EPSS 0.1%
CVE-2024-12973 | MEDIUM | Host Header Injection in Akinsoft's OctoCloud | EPSS 0.1%
CVE-2026-11181 | MEDIUM | Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy | EPSS 0.1%
CVE-2026-44698 | HIGH | Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection | EPSS 0.1%
CVE-2026-35568 | HIGH | MCP Java-SDK has a DNS Rebinding Vulnerability | EPSS 0.1%
CVE-2026-28403 | HIGH | Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability | EPSS 0.1%
CVE-2025-69235 | HIGH | Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. | EPSS 0.1%
CVE-2026-5899 | MEDIUM | Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user | EPSS 0.1%