Flaws of type CWE-346
385 results

CVE-2026-40594 | MEDIUM | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | EPSS 0.2%
CVE-2026-40622 | MEDIUM | Another 'ghost domain names' attack variant | EPSS 0.2%
CVE-2026-7581 | MEDIUM | alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy | EPSS 0.2%
CVE-2026-35408 | HIGH | Directus is Missing Cross-Origin Opener Policy | EPSS 0.2%
CVE-2025-59957 | HIGH | Junos OS: EX4600 Series and QFX5000 Series: An attacker with physical access can open a persistent backdoor | EPSS 0.2%
CVE-2024-8183 | HIGH | CORS Misconfiguration in prefecthq/prefect | EPSS 0.2%
CVE-2024-6301 | MEDIUM | Origin Validation Error in Conduit | EPSS 0.2%
CVE-2025-42706 | MEDIUM | CrowdStrike Falcon Sensor for Windows Logic Error | EPSS 0.2%
CVE-2023-44190 | MEDIUM | Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability | EPSS 0.2%
CVE-2022-32144 | HIGH | There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to servi | EPSS 0.2%
CVE-2025-43929 | MEDIUM | open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked f | EPSS 0.2%
CVE-2025-42998 | MEDIUM | Security misconfiguration vulnerability in SAP Business One Integration Framework | EPSS 0.2%
CVE-2025-25306 | CRITICAL | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes | EPSS 0.2%
CVE-2023-28191 | — | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4 | EPSS 0.2%
CVE-2026-11081 | MEDIUM | Inappropriate implementation in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a | EPSS 0.2%
CVE-2024-22062 | MEDIUM | Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI | EPSS 0.2%
CVE-2026-11036 | MEDIUM | Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a cra | EPSS 0.2%
CVE-2026-45674 | HIGH | Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records | EPSS 0.2%
CVE-2025-11304 | MEDIUM | CodeCanyon/ui-lib Mentor LMS API cross-domain policy | EPSS 0.2%
CVE-2025-62250 | MEDIUM | Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 thro | EPSS 0.2%