
CWE-942 (Overly Permissive Cross-domain Whitelist) — Vulnerability Class 59

59 vulnerabilities classified as CWE-942 (Overly Permissive Cross-domain Whitelist). AI Chinese analysis included.

CVE ID | Title | CVSS | Severity | Published
CVE-2026-41056 | AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover — AVideo | 8.1 | High | 2026-04-21
CVE-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy — copilot-api | 7.3 | High | 2026-04-20
CVE-2026-6143 | farion1231 cc-switch ProxyServer server.rs cross-domain policy — cc-switch | 6.3 | Medium | 2026-04-13
CVE-2026-5302 | Permissive Cross-domain Policy with Untrusted Domains in coolercontrold — coolercontrold | 6.3 | Medium | 2026-04-08
CVE-2026-33533 | Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard — glances | 8.1 (AI) | High (AI) | 2026-04-02
CVE-2026-5321 | vanna-ai vanna FastAPI/Flask Server cross-domain policy — vanna | 4.3 | Medium | 2026-04-02
CVE-2026-34449 | SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection — siyuan | 9.7 | Critical | 2026-03-31
CVE-2026-34237 | MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) — java-sdk | 6.1 | Medium | 2026-03-31
CVE-2025-55274 | HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability — Aftermarket DPC | 2.6 | Low | 2026-03-26
CVE-2026-33010 | mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft — mcp-memory-service | 8.1 | High | 2026-03-20
CVE-2026-33043 | AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS — AVideo | 8.1 | High | 2026-03-20
CVE-2026-30924 | qui CORS Misconfiguration: Arbitrary Origins Trusted — qui | 8.8 | - | 2026-03-19
CVE-2026-32610 | Glances's Default CORS Configuration Allows Cross-Origin Credential Theft — glances | 8.1 | High | 2026-03-18
CVE-2026-32617 | AnythingLLM Permissable CORS policy — anything-llm | 7.1 | High | 2026-03-13
CVE-2025-9292 | Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers — Omada Cloud Controller | 7.5 (AI) | High (AI) | 2026-02-13
CVE-2026-25478 | Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins — litestar | 7.4 | High | 2026-02-09
CVE-2025-13984 | Next.js - Critical - Access bypass - SA-CONTRIB-2025-122 — Next.js | 6.1 (AI) | Medium (AI) | 2026-01-28
CVE-2026-24435 | Tenda W30E V2 Permissive CORS Allows Cross-origin Data Access — W30E V2 | 8.1 (AI) | High (AI) | 2026-01-26
CVE-2026-1181 | Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access — Altium 365 | 9.0 | Critical | 2026-01-19
CVE-2025-62523 | PILOS Misconfigured the Access-Control-Allow-Origin Header — PILOS | 6.3 | Medium | 2025-10-27
CVE-2023-37401 | IBM Aspera Faspex cross-origin resource sharing — Aspera Faspex | 5.3 | Medium | 2025-10-09
CVE-2025-11304 | CodeCanyon/ui-lib Mentor LMS API cross-domain policy — Mentor LMS | 6.3 | Medium | 2025-10-05
CVE-2025-41010 | Cross-origin resource sharing (CORS) in Hiberus Sintra — Sintra | 9.8 (AI) | Critical (AI) | 2025-10-02
CVE-2020-36851 | Rob--W / cors-anywhere Misconfigured CORS Proxy Allows SSRF — Rob--W / cors-anywhere | 9.1 (AI) | Critical (AI) | 2025-09-25
CVE-2025-27909 | IBM Concert Software cross-origin resource sharing — Concert Software | 5.4 | Medium | 2025-08-18
CVE-2025-25264 | Overly Permissive CORS Policy in WAGO Device Manager — CC100 0751-9x01 | 6.5 | Medium | 2025-06-16
CVE-2025-41366 | CORS vulnerability in IDF and ZLF — IDF and ZLF | 8.0 (AI) | High (AI) | 2025-06-06
CVE-2025-41363 | CORS vulnerability in IDF and ZLF — IDF and ZLF | 8.8 (AI) | High (AI) | 2025-06-06
CVE-2025-4839 | itwanger paicoding CrossUtil.java cross-domain policy — paicoding | 3.1 | Low | 2025-05-17
CVE-2025-4542 | Freeebird Hotel 酒店管理系统 API SessionInterceptor.java cross-domain policy — Hotel 酒店管理系统 API | 3.1 | Low | 2025-05-11

Vulnerabilities classified as CWE-942 (Overly Permissive Cross-domain Whitelist; listed in the CWE catalogue as "Permissive Cross-domain Policy with Untrusted Domains") represent 59 CVEs. The CWE entry describes the weakness class only; review the individual CVEs for product-specific impact.