Vulnerabilities of type CWE-346

379 results
CVE-2025-21497 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8 (EPSS 0.4%)
CVE-2024-1249 [HIGH] Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos (EPSS 0.4%)
CVE-2020-26251 [MEDIUM] CORS configuration is possibly vulnerable (EPSS 0.4%)
CVE-2019-25211 [CRITICAL] parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.com (EPSS 0.4%)
CVE-2024-7978 [MEDIUM] Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to e (EPSS 0.4%)
CVE-2023-30996 [MEDIUM] IBM Cognos Analytics cross-origin resource sharing (EPSS 0.4%)
CVE-2024-32764 [CRITICAL] myQNAPcloud Link (EPSS 0.4%)
CVE-2022-42927 [HIGH] A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance. (EPSS 0.4%)
CVE-2021-47157 [CRITICAL] The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. (EPSS 0.4%)
CVE-2023-20275 [MEDIUM] A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FT (EPSS 0.4%)
CVE-2023-25366 [CRITICAL] In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. (EPSS 0.4%)
CVE-2022-23032 In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP (EPSS 0.4%)
CVE-2024-9393 [HIGH] An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This coul (EPSS 0.4%)
CVE-2026-23552 [CRITICAL] Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (EPSS 0.4%)
CVE-2026-43870 [HIGH] Apache Thrift: Node.js web_server.js multi-vulnerability (EPSS 0.4%)
CVE-2026-22794 [CRITICAL] Account Takeover Vulnerability in Appsmith (EPSS 0.4%)
CVE-2024-25996 [MEDIUM] PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series (EPSS 0.4%)
CVE-2023-2589 [MEDIUM] An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before (EPSS 0.4%)
CVE-2024-14006 [HIGH] Nagios XI < 2024R1.2.2 Host Header Injection (EPSS 0.4%)
CVE-2023-2639 [MEDIUM] Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure (EPSS 0.4%)