Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-942

CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Parent: CWE-863 - Incorrect Authorization

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

84 vulnerabilities with CWE-942

CVE-2026-7581 MEDIUM

alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

CVE-2026-41056 HIGH

AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover

CVE-2026-34839 MEDIUM

Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS

CVE-2026-6662 HIGH

ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy

CVE-2026-6143 MEDIUM

farion1231 cc-switch ProxyServer server.rs cross-domain policy

CVE-2026-5302 MEDIUM

Permissive Cross-domain Policy with Untrusted Domains in coolercontrold

CVE-2026-33533 MEDIUM

Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

CVE-2026-5321 MEDIUM

vanna-ai vanna FastAPI/Flask Server cross-domain policy

CVE-2026-34449 CRITICAL

SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

CVE-2026-34237 MEDIUM

MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)

CVE-2026-34227 HIGH

Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

CVE-2026-34200 HIGH

Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

CVE-2026-0397 LOW

Information disclosure via CORS misconfiguration

CVE-2026-33010 HIGH

mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

CVE-2026-33043 HIGH

AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

CVE-2026-30924 CRITICAL

qui CORS Misconfiguration: Arbitrary Origins Trusted

CVE-2026-32610 HIGH

Glances's Default CORS Configuration Allows Cross-Origin Credential Theft

CVE-2026-32617 HIGH

AnythingLLM <=1.11.1 - Auth Bypass

CVE-2026-28792 CRITICAL

TinaCMS <2.1.8 - Path Traversal

CVE-2026-27579 HIGH

CollabPlatform - Info Disclosure

CVE-2026-25478 HIGH

Pypi Litestar < 2.20.0 - Permissive CORS Policy

CVE-2026-24435 MEDIUM

Shenzhen Tenda W30E V2 <16.01.0.19(5037) - XSS

CVE-2026-1181 CRITICAL

Altium 365 - SSRF

CVE-2026-22812 HIGH

OpenCode <1.0.216 - Command Injection

CVE-2025-55274 LOW

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability

Page 1 of 4 Next

Details

Vulnerabilities 84

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy