Fallos del tipo CWE-942
99 resultadosCVE-2026-22812HIGHOpenCode's Unauthenticated HTTP Server Allows Arbitrary Command ExecutionEPSS 17.0%CVE-2023-38122HIGHInductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution VulnerabilityEPSS 1.5%CVE-2019-14860HIGHIt was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lackEPSS 1.2%CVE-2023-38125HIGHSofting edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution VulnerabilityEPSS 1.1%CVE-2022-31736CRITICALA malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects ThunderEPSS 1.1%CVE-2020-36851CRITICALRob--W cors-anywhere Misconfigured CORS Proxy Allows SSRFEPSS 1.0%CVE-2023-46281HIGHA vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIEPSS 0.9%CVE-2022-26969CRITICALIn Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.EPSS 0.9%CVE-2024-21382MEDIUMMicrosoft Edge for Android Information Disclosure VulnerabilityEPSS 0.9%CVE-2024-41657HIGHGHSL-2024-035: Casdoor CORS misconfigurationEPSS 0.7%CVE-2022-47717HIGHLast Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).EPSS 0.7%CVE-2024-25124CRITICALFiber has Insecure CORS Configuration, Allowing Wildcard Origin with CredentialsEPSS 0.7%CVE-2023-46098HIGHA vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, EPSS 0.6%CVE-2024-41659HIGHGHSL-2024-034: memos CORS Misconfiguration in server.goEPSS 0.6%CVE-2021-34435—In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the EPSS 0.6%CVE-2023-36829MEDIUMSentry CORS misconfiguration vulnerabilityEPSS 0.5%CVE-2026-28792CRITICALCross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMSEPSS 0.5%CVE-2021-27786MEDIUMHCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin TrustedEPSS 0.5%CVE-2024-53276MEDIUMGHSL-2024-092: Open CORS policy in home-galleryEPSS 0.5%CVE-2022-34366MEDIUM
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticatedEPSS 0.5%