Weaknesses of type CWE-346

405 results
CVE-2025-8074MEDIUMOrigin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary EPSS 0.1%CVE-2026-22077MEDIUMSensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO WalletEPSS 0.1%CVE-2026-32318HIGHCryptomator for IOS: Tampered vault configuration allows MITM attack on Hub APIEPSS 0.1%CVE-2026-2345LOWInsufficient Origin Validation in Proctorio Chrome Extension postMessage HandlersEPSS 0.1%CVE-2026-32317HIGHCryptomator for Android: Tampered vault configuration allows MITM attack on Hub APIEPSS 0.1%CVE-2026-33697HIGHCoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keysEPSS 0.1%CVE-2026-13881MEDIUMInappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policEPSS CVE-2026-14105CRITICALInsufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy viaEPSS CVE-2026-14057MEDIUMInappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a cEPSS CVE-2026-13822MEDIUMInappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to inEPSS CVE-2026-13913MEDIUMInsufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user toEPSS CVE-2026-14039MEDIUMInsufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin poliEPSS CVE-2026-13839MEDIUMInappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a craEPSS CVE-2026-13826MEDIUMInappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS CVE-2026-13887MEDIUMInappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renEPSS CVE-2026-13793MEDIUMInsufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a craEPSS CVE-2026-14079MEDIUMInsufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy viEPSS CVE-2026-58169HIGHVibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code ExecutionEPSS CVE-2026-14046MEDIUMInappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origiEPSS CVE-2026-14053MEDIUMInsufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendEPSS