Weaknesses of type CWE-346
385 resultsCVE-2023-47197HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47195HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47196HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2026-44184HIGHCleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API readsEPSS 0.1%CVE-2024-41143HIGHOrigin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arEPSS 0.1%CVE-2026-41393MEDIUMOpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance and Credential Exfiltration via Wide-Area DiscoveryEPSS 0.1%CVE-2024-23458HIGHLocal Privilege Escalation on Zscaler Client Connector on WindowsEPSS 0.1%CVE-2026-34460MEDIUMNamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swappingEPSS 0.1%CVE-2025-2140MEDIUMIBM Engineering Requirements Management Doors Next spoofingEPSS 0.1%CVE-2026-6339MEDIUMMissing request origin validation on burn-on-read reveal endpointEPSS 0.1%CVE-2025-20364MEDIUMA vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated,EPSS 0.1%CVE-2026-34083MEDIUMsignalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC FlowEPSS 0.1%CVE-2026-41398LOWOpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI BridgeEPSS 0.1%CVE-2026-3846MEDIUMSame-origin policy bypass in the CSS Parsing and Computation componentEPSS 0.1%CVE-2026-55767MEDIUMGuzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzleEPSS 0.1%CVE-2026-32303HIGHCryptomator: Tampered vault configuration allows MITM attack on Hub APIEPSS 0.1%CVE-2026-22694MEDIUMAliasVault is Missing Origin Validation in Android Passkey Credential ProviderEPSS 0.1%CVE-2026-55487HIGHpnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycleEPSS 0.1%CVE-2026-42558HIGHXibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSetEPSS 0.1%CVE-2026-44755MEDIUMEmail Spoofing vulnerability in SAP Business Objects Business Intelligence PlatformEPSS 0.1%