Flaws of type CWE-346

379 results
CVE-2026-54069 [CRITICAL] SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist (EPSS 0.6%)
CVE-2021-39175 [HIGH] XSS vector in slide mode speaker-view (EPSS 0.6%)
CVE-2021-39185 [CRITICAL] Default CORS config allows any origin with credentials (EPSS 0.6%)
CVE-2023-29728 [CRITICAL] The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of priv (EPSS 0.6%)
CVE-2022-31024 [MEDIUM] Federated editing allows iframing remote servers by default in richdocuments (EPSS 0.6%)
CVE-2020-15733 [MEDIUM] URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958) (EPSS 0.6%)
CVE-2020-26253 [MEDIUM] .dev domains treated as local in Kirby (EPSS 0.6%)
CVE-2024-36302 [HIGH] An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecte (EPSS 0.6%)
CVE-2022-23764 [HIGH] TERUTEN WebCube update remote code execution vulnerability (EPSS 0.5%)
CVE-2023-29743 [HIGH] An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating th (EPSS 0.5%)
CVE-2024-9392 [CRITICAL] A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, (EPSS 0.5%)
CVE-2020-9060 Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN (EPSS 0.5%)
CVE-2023-30196 [HIGH] Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. (EPSS 0.5%)
CVE-2023-0132 [MEDIUM] Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force (EPSS 0.5%)
CVE-2023-32553 An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain (EPSS 0.5%)
CVE-2025-3462 [HIGH] "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in AS (EPSS 0.5%)
CVE-2021-32985 [HIGH] AVEVA System Platform Origin Validation Error (EPSS 0.5%)
CVE-2024-26135 [HIGH] MeshCentral cross-site websocket hijacking (CSWSH) vulnerability (EPSS 0.5%)
CVE-2023-27745 [HIGH] An issue in South River Technologies TitanFTP before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative action (EPSS 0.5%)
CVE-2023-29867 [MEDIUM] Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts (EPSS 0.5%)