Weaknesses of type CWE-942
100 results

CVE-2026-45021 | MEDIUM | Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin | EPSS 0.2%
CVE-2025-27909 | MEDIUM | IBM Concert Software cross-origin resource sharing | EPSS 0.2%
CVE-2026-50087 | HIGH | Aqara IAM/SSO Gateway cross-origin resource sharing | EPSS 0.2%
CVE-2026-6143 | MEDIUM | farion1231 cc-switch ProxyServer server.rs cross-domain policy | EPSS 0.2%
CVE-2025-62523 | MEDIUM | PILOS Misconfigured the Access-Control-Allow-Origin Header | EPSS 0.2%
CVE-2026-50088 | HIGH | Aqara Developer Portal cross-origin resource sharing | EPSS 0.2%
CVE-2026-6662 | MEDIUM | ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy | EPSS 0.2%
CVE-2026-8537 | MEDIUM | Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin d | EPSS 0.2%
CVE-2025-55274 | LOW | HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability | EPSS 0.2%
CVE-2026-7581 | MEDIUM | alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy | EPSS 0.2%
CVE-2024-11071 | HIGH | Improper Access Control In DestinyECM | EPSS 0.2%
CVE-2025-11304 | MEDIUM | CodeCanyon/ui-lib Mentor LMS API cross-domain policy | EPSS 0.2%
CVE-2026-5321 | MEDIUM | vanna-ai vanna FastAPI/Flask Server cross-domain policy | EPSS 0.2%
CVE-2026-0397 | LOW | Information disclosure via CORS misconfiguration | EPSS 0.2%
CVE-2025-2865 | LOW | Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU | EPSS 0.2%
CVE-2026-7643 | MEDIUM | ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy | EPSS 0.2%
CVE-2026-8576 | MEDIUM | Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross- | EPSS 0.2%
CVE-2025-13984 | MEDIUM | Next.js - Critical - Access bypass - SA-CONTRIB-2025-122 | EPSS 0.1%
CVE-2026-44184 | HIGH | Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads | EPSS 0.1%
CVE-2026-46685 | MEDIUM | RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console | EPSS 0.1%