Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-942

CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Parent: CWE-863 - Incorrect Authorization

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

84 vulnerabilities with CWE-942

CVE-2025-9292 HIGH

Omada Cloud Controller - CSRF

CVE-2025-13984 MEDIUM

Kanopi Next.js < 1.6.4 - Permissive CORS Policy

CVE-2025-55462 MEDIUM

Eramba Community/Enterprise <3.26.0 - SSRF

CVE-2025-13019 HIGH

Mozilla Firefox < 140.5.0 - Permissive CORS Policy

CVE-2025-13017 HIGH

Mozilla Firefox < 140.5.0 - Permissive CORS Policy

CVE-2025-43480 HIGH

Apple <26.1 - Info Disclosure

CVE-2025-43392 MEDIUM

Apple - Info Disclosure

CVE-2025-62523 MEDIUM

THM Pilos < 4.8.0 - Permissive CORS Policy

CVE-2025-53092 MEDIUM

Strapi < 5.20.0 - Information Disclosure

CVE-2025-11304 MEDIUM

CodeCanyon/ui-lib Mentor LMS <1.1.1 - XSS

CVE-2025-41010 MEDIUM

Hiberus Sintra - XSS

CVE-2025-10529 MEDIUM

Mozilla Firefox < 140.3.0 - Permissive CORS Policy

CVE-2025-57755 HIGH

Musistudio Claude-code-router < 1.0.34 - Information Disclosure

CVE-2025-27909 MEDIUM

IBM Concert < 2.0.0 - Permissive CORS Policy

CVE-2025-25264 MEDIUM

CVE-2025-41366 MEDIUM

IDF v0.10.0-0C03-03/ZLF v0.10.0-0C03-04 - SSRF

CVE-2025-41363 MEDIUM

IDF v0.10.0-0C03-03/ZLF v0.10.0-0C03-04 - SSRF

CVE-2025-4839 LOW

Itwanger Paicoding - Permissive CORS Policy

CVE-2025-4542 LOW

Freeebird Hotel < 1.2 - Permissive CORS Policy

CVE-2025-4515 MEDIUM

Pribai Privategpt < 0.6.2 - Permissive CORS Policy

CVE-2025-25234 HIGH

Omnissa UAG - CSRF

CVE-2025-30354 MEDIUM

Bruno - Info Disclosure

CVE-2025-2865 MEDIUM

Arteche Satech Bcu Firmware - Permissive CORS Policy

CVE-2025-1083 LOW

Mindskip xzs-mysql 3.9.0 - SSRF

CVE-2024-11071 HIGH

DestinyECM - CSRF

Previous Page 2 of 4 Next

Details

Vulnerabilities 84

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy