Weaknesses of type CWE-346

385 results
CVE-2026-41376 [LOW] OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation (EPSS 0.2%)
CVE-2026-7986 [MEDIUM] Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via (EPSS 0.2%)
CVE-2022-42860 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 1 (EPSS 0.2%)
CVE-2026-7979 [MEDIUM] Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a craf (EPSS 0.2%)
CVE-2020-15734 [MEDIUM] Same-origin policy vulnerability in Bitdefender Safepay (EPSS 0.2%)
CVE-2025-14331 [MEDIUM] Same-origin policy bypass in the Request Handling component (EPSS 0.2%)
CVE-2026-46611 [MEDIUM] Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack (EPSS 0.2%)
CVE-2026-12032 [LOW] Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised (EPSS 0.2%)
CVE-2026-11624 [CRITICAL] The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DN (EPSS 0.2%)
CVE-2026-32302 [HIGH] OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode (EPSS 0.2%)
CVE-2026-11161 [MEDIUM] Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via (EPSS 0.2%)
CVE-2026-11178 [MEDIUM] Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin (EPSS 0.2%)
CVE-2026-11226 [MEDIUM] Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a u (EPSS 0.2%)
CVE-2026-47265 [MEDIUM] AIOHTTP vulnerable to cross-origin redirect with per-request cookies (EPSS 0.1%)
CVE-2026-21790 [MEDIUM] HCL Traveler is susceptible to a weak default HTTP header validation vulnerability (EPSS 0.1%)
CVE-2026-11217 [MEDIUM] Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rend (EPSS 0.1%)
CVE-2026-11243 [MEDIUM] Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restriction (EPSS 0.1%)
CVE-2025-59845 [HIGH] Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass (EPSS 0.1%)
CVE-2024-45353 [MEDIUM] quick App has intent redirection vulnerability (EPSS 0.1%)
CVE-2026-27824 [MEDIUM] calibre has IP Ban Bypass via X-Forwarded-For Header Spoofing (EPSS 0.1%)