Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-942

CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Parent: CWE-863 - Incorrect Authorization

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

64 vulnerabilities with CWE-942

CVE-2026-27579 HIGH

CollabPlatform - Info Disclosure

Omada Cloud Controller - CSRF

CVE-2026-25478 HIGH

Pypi Litestar < 2.20.0 - Permissive CORS Policy

CVE-2025-13984 MEDIUM

Kanopi Next.js < 1.6.4 - Permissive CORS Policy

CVE-2026-24435 MEDIUM

Shenzhen Tenda W30E V2 <16.01.0.19(5037) - XSS

CVE-2026-1181 CRITICAL

Altium 365 - SSRF

CVE-2025-55462 MEDIUM

Eramba Community/Enterprise <3.26.0 - SSRF

CVE-2026-22812 HIGH

OpenCode <1.0.216 - Command Injection

CVE-2025-13019 HIGH

Mozilla Firefox < 140.5.0 - Permissive CORS Policy

CVE-2025-13017 HIGH

Mozilla Firefox < 140.5.0 - Permissive CORS Policy

CVE-2025-43480 HIGH

Apple <26.1 - Info Disclosure

CVE-2025-43392 MEDIUM

Apple - Info Disclosure

CVE-2025-62523 MEDIUM

THM Pilos < 4.8.0 - Permissive CORS Policy

CVE-2025-53092 MEDIUM

Strapi < 5.20.0 - Information Disclosure

CVE-2023-37401 MEDIUM

IBM Aspera Faspex < 5.0.14 - Permissive CORS Policy

CVE-2025-11304 MEDIUM

CodeCanyon/ui-lib Mentor LMS <1.1.1 - XSS

Hiberus Sintra - XSS

Rob W - Cors-Anywhere <SSRF>

CVE-2025-10529 MEDIUM

Mozilla Firefox < 140.3.0 - Permissive CORS Policy

Musistudio Claude-code-router < 1.0.34 - Information Disclosure

CVE-2025-27909 MEDIUM

IBM Concert < 2.0.0 - Permissive CORS Policy

CVE-2025-25264 MEDIUM

IDF v0.10.0-0C03-03/ZLF v0.10.0-0C03-04 - SSRF

IDF v0.10.0-0C03-03/ZLF v0.10.0-0C03-04 - SSRF

CVE-2025-4839 LOW

Itwanger Paicoding - Permissive CORS Policy

Page 1 of 3 Next

Details

Vulnerabilities 64

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy