Weaknesses of type CWE-346
405 resultsCVE-2025-8074MEDIUMOrigin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary EPSS 0.1%CVE-2026-22077MEDIUMSensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO WalletEPSS 0.1%CVE-2026-32318HIGHCryptomator for IOS: Tampered vault configuration allows MITM attack on Hub APIEPSS 0.1%CVE-2026-2345LOWInsufficient Origin Validation in Proctorio Chrome Extension postMessage HandlersEPSS 0.1%CVE-2026-32317HIGHCryptomator for Android: Tampered vault configuration allows MITM attack on Hub APIEPSS 0.1%CVE-2026-33697HIGHCoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keysEPSS 0.1%CVE-2026-13881MEDIUMInappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policEPSS —CVE-2026-14105CRITICALInsufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy viaEPSS —CVE-2026-14057MEDIUMInappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a cEPSS —CVE-2026-13822MEDIUMInappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to inEPSS —CVE-2026-13913MEDIUMInsufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user toEPSS —CVE-2026-14039MEDIUMInsufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin poliEPSS —CVE-2026-13839MEDIUMInappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a craEPSS —CVE-2026-13826MEDIUMInappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS —CVE-2026-13887MEDIUMInappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renEPSS —CVE-2026-13793MEDIUMInsufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a craEPSS —CVE-2026-14079MEDIUMInsufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy viEPSS —CVE-2026-58169HIGHVibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code ExecutionEPSS —CVE-2026-14046MEDIUMInappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origiEPSS —CVE-2026-14053MEDIUMInsufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendEPSS —