Flaws of type CWE-346

372 results
CVE-2025-34291 | CRITICAL | Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE | EPSS 78.9% | KEV
CVE-2023-29711 | CRITICAL | An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted | EPSS 70.3%
CVE-2015-4495 | HIGH | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass | EPSS 70.2% | KEV
CVE-2024-23898 | HIGH | Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests ma | EPSS 66.9%
CVE-2021-33959 | HIGH | Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. | EPSS 15.0%
CVE-2024-36421 | HIGH | GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts | EPSS 8.5%
CVE-2025-53399 | MEDIUM | In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attack | EPSS 4.7%
CVE-2018-15723 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthent | EPSS 3.7%
CVE-2023-33443 | CRITICAL | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitr | EPSS 3.5%
CVE-2025-69258 | CRITICAL | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL | EPSS 3.2%
CVE-2017-6519 | CRITICAL | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, whic | EPSS 3.1%
CVE-2021-37705 | CRITICAL | Improper Authorization and Origin Validation Error in OneFuzz | EPSS 2.4%
CVE-2019-9498 | The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit | EPSS 2.4%
CVE-2019-9499 | The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit | EPSS 2.4%
CVE-2020-11868 | HIGH | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode | EPSS 2.1%
CVE-2023-23578 | HIGH | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to co | EPSS 2.0%
CVE-2023-32223 | HIGH | D-Link DSL-224 firmware version 3.0.10 post authentication command execution | EPSS 1.6%
CVE-2024-50654 | HIGH | lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturi | EPSS 1.6%
CVE-2022-41924 | CRITICAL | Tailscale Windows daemon is vulnerable to RCE via CSRF | EPSS 1.6%
CVE-2017-7561 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS com | EPSS 1.5%