CWE-346 vulnerabilities

379 results
CVE-2026-41393 | MEDIUM | OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance and Credential Exfiltration via Wide-Area Discovery | EPSS 0.1%
CVE-2024-23458 | HIGH | Local Privilege Escalation on Zscaler Client Connector on Windows | EPSS 0.1%
CVE-2026-34460 | MEDIUM | NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping | EPSS 0.1%
CVE-2026-6339 | MEDIUM | Missing request origin validation on burn-on-read reveal endpoint | EPSS 0.1%
CVE-2025-2140 | MEDIUM | IBM Engineering Requirements Management Doors Next spoofing | EPSS 0.1%
CVE-2025-20364 | MEDIUM | A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, | EPSS 0.1%
CVE-2026-34083 | MEDIUM | signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow | EPSS 0.1%
CVE-2026-41398 | LOW | OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge | EPSS 0.1%
CVE-2026-3846 | MEDIUM | Same-origin policy bypass in the CSS Parsing and Computation component | EPSS 0.1%
CVE-2026-55767 | MEDIUM | Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle | EPSS 0.1%
CVE-2026-42558 | HIGH | Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet | EPSS 0.1%
CVE-2026-55487 | HIGH | pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle | EPSS 0.1%
CVE-2026-22694 | MEDIUM | AliasVault is Missing Origin Validation in Android Passkey Credential Provider | EPSS 0.1%
CVE-2026-32303 | HIGH | Cryptomator: Tampered vault configuration allows MITM attack on Hub API | EPSS 0.1%
CVE-2026-44755 | MEDIUM | Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform | EPSS 0.1%
CVE-2026-46685 | MEDIUM | RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console | EPSS 0.1%
CVE-2025-68467 | LOW | Dark Reader gives users the ability to request style sheets from local web servers | EPSS 0.1%
CVE-2026-54030 | HIGH | LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow | EPSS 0.1%
CVE-2026-2457 | MEDIUM | WebSocket Message Spoofing via Permalink Embed Manipulation | EPSS 0.1%
CVE-2026-9989 | MEDIUM | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a | EPSS 0.1%