CWE-346 flaws

379 results
CVE-2024-6844 | MEDIUM | Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors | EPSS 0.3%
CVE-2022-41961 | MEDIUM | BigBlueButton subject to Ineffective user bans | EPSS 0.3%
CVE-2023-49803 | HIGH | @koa/cors has overly permissive origin policy | EPSS 0.3%
CVE-2024-41475 | CRITICAL | Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. | EPSS 0.3%
CVE-2026-50168 | HIGH | Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass | EPSS 0.3%
CVE-2025-13947 | HIGH | Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop | EPSS 0.3%
CVE-2020-26234 | MEDIUM | Disabled Hostname Verification in OpenCast | EPSS 0.3%
CVE-2026-10937 | HIGH | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via | EPSS 0.3%
CVE-2024-8487 | HIGH | CORS Vulnerability in modelscope/agentscope | EPSS 0.3%
CVE-2022-4917 | MEDIUM | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full scre | EPSS 0.3%
CVE-2026-54665 | MEDIUM | Apache NiFi: Missing Validation for Proxy Host Headers | EPSS 0.3%
CVE-2022-1520 | MEDIUM | When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may sho | EPSS 0.3%
CVE-2023-28318 | MEDIUM | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDelete | EPSS 0.3%
CVE-2026-10996 | MEDIUM | Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a | EPSS 0.3%
CVE-2024-7819 | HIGH | CORS Misconfiguration in danswer-ai/danswer | EPSS 0.3%
CVE-2026-27118 | MEDIUM | Cache poisoning in @sveltejs/adapter-vercel | EPSS 0.3%
CVE-2025-10201 | HIGH | Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypas | EPSS 0.3%
CVE-2024-24557 | MEDIUM | Moby classic builder cache poisoning | EPSS 0.3%
CVE-2023-29745 | HIGH | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating th | EPSS 0.3%
CVE-2025-30466 | CRITICAL | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4 | EPSS 0.3%