CWE-942 vulnerabilities

100 results
CVE-2026-33010 | HIGH | mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft | EPSS 0.4%
CVE-2025-25264 | MEDIUM | Overly Permissive CORS Policy in WAGO Device Manager | EPSS 0.4%
CVE-2026-25478 | HIGH | Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins | EPSS 0.4%
CVE-2023-23128 | MEDIUM | Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have | EPSS 0.4%
CVE-2023-45213 | MEDIUM | Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains | EPSS 0.4%
CVE-2025-55462 | MEDIUM | A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in t | EPSS 0.4%
CVE-2026-34200 | HIGH | Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port | EPSS 0.4%
CVE-2024-6449 | MEDIUM | Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit | EPSS 0.4%
CVE-2025-30354 | HIGH | Bruno ignores Safe-Mode in Asserts expressions | EPSS 0.3%
CVE-2024-22348 | MEDIUM | IBM UrbanCode Velocity cross-origin resource sharing | EPSS 0.3%
CVE-2026-33043 | HIGH | AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS | EPSS 0.3%
CVE-2025-9292 | LOW | Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers | EPSS 0.3%
CVE-2026-32610 | HIGH | Glances's Default CORS Configuration Allows Cross-Origin Credential Theft | EPSS 0.3%
CVE-2026-41056 | HIGH | AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover | EPSS 0.3%
CVE-2024-10315 | MEDIUM | Insecure Configuration in Gliffy Online | EPSS 0.3%
CVE-2024-23823 | MEDIUM | CORS settings overly permissive in vantage6 | EPSS 0.3%
CVE-2026-1181 | CRITICAL | Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access | EPSS 0.3%
CVE-2025-41366 | MEDIUM | CORS vulnerability in IDF and ZLF | EPSS 0.3%
CVE-2025-41010 | MEDIUM | Cross-origin resource sharing (CORS) in Hiberus Sintra | EPSS 0.3%
CVE-2025-1083 | LOW | Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy | EPSS 0.3%