CWE-942 vulnerabilities

100 results
CVE-2026-56076 | HIGH | PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint | EPSS 0.5%
CVE-2026-34449 | CRITICAL | SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection | EPSS 0.5%
CVE-2024-49763 | HIGH | PlexRipper allows API leak due to open CORS policy | EPSS 0.5%
CVE-2024-37131 | HIGH | SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated | EPSS 0.5%
CVE-2023-23464 | HIGH | Media CP Media Control Panel – Information Disclosure | EPSS 0.5%
CVE-2024-45642 | MEDIUM | IBM Security ReaQta information disclosure | EPSS 0.5%
CVE-2023-50940 | MEDIUM | IBM PowerSC cross-resource origin sharing | EPSS 0.5%
CVE-2025-43392 | MEDIUM | The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPa | EPSS 0.4%
CVE-2023-37526 | MEDIUM | HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability | EPSS 0.4%
CVE-2025-43480 | HIGH | The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, vis | EPSS 0.4%
CVE-2026-32617 | HIGH | AnythingLLM Permissable CORS policy | EPSS 0.4%
CVE-2026-33533 | HIGH | Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard | EPSS 0.4%
CVE-2026-34839 | HIGH | Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | EPSS 0.4%
CVE-2024-32862 | MEDIUM | exacqVision CORS | EPSS 0.4%
CVE-2026-46608 | HIGH | Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533) | EPSS 0.4%
CVE-2026-34227 | MEDIUM | Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface | EPSS 0.4%
CVE-2023-25603 | MEDIUM | A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4. | EPSS 0.4%
CVE-2026-8948 | CRITICAL | Same-origin policy bypass in the DOM: Networking component | EPSS 0.4%
CVE-2026-44895 | CRITICAL | GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools | EPSS 0.4%
CVE-2023-2360 | LOW | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) befor | EPSS 0.4%