Common Weakness Enumeration

CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

CVE-2026-56076 (GCVE-0-2026-56076)

Vulnerability from cvelistv5 – Published: 2026-06-18 22:12 – Updated: 2026-06-22 17:16
VLAI
Title
PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
Summary
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
References
Impacted products
Vendor Product Version
PraisonAI PraisonAI Affected: 0 , < 1.5.128 (semver)
Unaffected: 1.5.128 (semver)
Create a notification for this product.
Date Public
2026-04-09 00:00
Credits
offset
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T15:36:05.630759Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T17:16:20.117Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PraisonAI",
          "vendor": "PraisonAI",
          "versions": [
            {
              "lessThan": "1.5.128",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.5.128",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.5.128",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "offset"
        }
      ],
      "datePublic": "2026-04-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette\u0027s Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Security Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T22:12:24.090Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GHSA Advisory GHSA-x462-jjpc-q4q4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4"
        },
        {
          "name": "VulnCheck Advisory: PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/praisonai-cross-origin-agent-execution-via-hardcoded-wildcard-cors-and-missing-authentication-on-agui-endpoint"
        }
      ],
      "title": "PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-56076",
    "datePublished": "2026-06-18T22:12:24.090Z",
    "dateReserved": "2026-06-18T15:57:20.434Z",
    "dateUpdated": "2026-06-22T17:16:20.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57957 (GCVE-0-2026-57957)

Vulnerability from cvelistv5 – Published: 2026-06-29 17:23 – Updated: 2026-07-01 14:20 X_Open Source
VLAI
Title
Papermark 0.22.0 - CORS Misconfiguration in Viewer Upload Endpoint
Summary
Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with Access-Control-Allow-Credentials set to true. Attackers can lure authenticated victims to malicious pages that silently issue credentialed cross-origin requests to upload arbitrary files into victim datarooms and read credentialed responses.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
Impacted products
Vendor Product Version
papermark papermark Affected: 0 , ≤ 0.22.0 (semver)
Create a notification for this product.
Date Public
2026-06-17 00:00
Credits
George Chen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T14:19:49.048856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T14:20:01.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "papermark",
          "repo": "https://github.com/papermark/papermark",
          "vendor": "papermark",
          "versions": [
            {
              "lessThanOrEqual": "0.22.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:papermark:papermark:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "0.22.0",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "George Chen"
        }
      ],
      "datePublic": "2026-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with Access-Control-Allow-Credentials set to true. Attackers can lure authenticated victims to malicious pages that silently issue credentialed cross-origin requests to upload arbitrary files into victim datarooms and read credentialed responses."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Security Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T11:15:47.836Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Researcher Disclosure",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/papermark/papermark/issues/2178"
        },
        {
          "name": "Findings Summary",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/AstoKr/papermark/pull/1"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/papermark-cors-misconfiguration-in-viewer-upload-endpoint"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "Papermark 0.22.0 - CORS Misconfiguration in Viewer Upload Endpoint",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-57957",
    "datePublished": "2026-06-29T17:23:10.419Z",
    "dateReserved": "2026-06-26T13:59:33.048Z",
    "dateUpdated": "2026-07-01T14:20:01.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6143 (GCVE-0-2026-6143)

Vulnerability from cvelistv5 – Published: 2026-04-13 01:15 – Updated: 2026-04-13 11:59
VLAI
Title
farion1231 cc-switch ProxyServer server.rs cross-domain policy
Summary
A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
Impacted products
Vendor Product Version
farion1231 cc-switch Affected: 3.12.0
Affected: 3.12.1
Affected: 3.12.2
Affected: 3.12.3
Create a notification for this product.
Credits
r00tuser (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6143",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T11:59:14.642288Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T11:59:30.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "ProxyServer"
          ],
          "product": "cc-switch",
          "vendor": "farion1231",
          "versions": [
            {
              "status": "affected",
              "version": "3.12.0"
            },
            {
              "status": "affected",
              "version": "3.12.1"
            },
            {
              "status": "affected",
              "version": "3.12.2"
            },
            {
              "status": "affected",
              "version": "3.12.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "r00tuser (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T01:15:13.708Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-357007 | farion1231 cc-switch ProxyServer server.rs cross-domain policy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/357007"
        },
        {
          "name": "VDB-357007 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/357007/cti"
        },
        {
          "name": "Submit #796145 | github.com/farion1231 cc-switch v3.12.3 Origin Validation Error",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/796145"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/farion1231/cc-switch/issues/1841"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/farion1231/cc-switch/pull/1915"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/farion1231/cc-switch/issues/1841#issue-4191294952"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/farion1231/cc-switch/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-12T10:01:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "farion1231 cc-switch ProxyServer server.rs cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6143",
    "datePublished": "2026-04-13T01:15:13.708Z",
    "dateReserved": "2026-04-12T07:56:04.762Z",
    "dateUpdated": "2026-04-13T11:59:30.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6662 (GCVE-0-2026-6662)

Vulnerability from cvelistv5 – Published: 2026-04-20 17:00 – Updated: 2026-04-20 18:09
VLAI
Title
ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy
Summary
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
References
URL Tags
https://vuldb.com/vuln/358300 vdb-entrytechnical-description
https://vuldb.com/vuln/358300/cti signaturepermissions-required
https://vuldb.com/submit/794601 third-party-advisory
https://github.com/August829/CVEP/issues/31 exploitissue-tracking
Impacted products
Vendor Product Version
ericc-ch copilot-api Affected: 0.1
Affected: 0.2
Affected: 0.3
Affected: 0.4
Affected: 0.5
Affected: 0.6
Affected: 0.7.0
Create a notification for this product.
Credits
Yu_Bao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6662",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T18:09:19.525193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T18:09:27.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Token Endpoint"
          ],
          "product": "copilot-api",
          "vendor": "ericc-ch",
          "versions": [
            {
              "status": "affected",
              "version": "0.1"
            },
            {
              "status": "affected",
              "version": "0.2"
            },
            {
              "status": "affected",
              "version": "0.3"
            },
            {
              "status": "affected",
              "version": "0.4"
            },
            {
              "status": "affected",
              "version": "0.5"
            },
            {
              "status": "affected",
              "version": "0.6"
            },
            {
              "status": "affected",
              "version": "0.7.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu_Bao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been made public and could be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-20T17:00:17.800Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-358300 | ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/358300"
        },
        {
          "name": "VDB-358300 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/358300/cti"
        },
        {
          "name": "Submit #794601 | ericc-ch copilot-api 0.7.0 Cross-Origin Token Theft via Wildcard CORS \u0026 Open Token Endpoint",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/794601"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/August829/CVEP/issues/31"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-20T14:06:55.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6662",
    "datePublished": "2026-04-20T17:00:17.800Z",
    "dateReserved": "2026-04-20T12:01:50.361Z",
    "dateUpdated": "2026-04-20T18:09:27.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-7581 (GCVE-0-2026-7581)

Vulnerability from cvelistv5 – Published: 2026-05-01 13:00 – Updated: 2026-05-01 13:21 X_Open Source
VLAI
Title
alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy
Summary
A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.04.10 is able to mitigate this issue. The identifier of the patch is 0072d3488ae5b8d922d3ee87458d829993742a32. It is recommended to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
Impacted products
Vendor Product Version
alexta69 MeTube Affected: 2026.04.09
Unaffected: 2026.04.10
Create a notification for this product.
Credits
AliAz (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7581",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T13:21:46.370834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T13:21:54.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "CORS Policy"
          ],
          "product": "MeTube",
          "vendor": "alexta69",
          "versions": [
            {
              "status": "affected",
              "version": "2026.04.09"
            },
            {
              "status": "unaffected",
              "version": "2026.04.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "AliAz (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.04.10 is able to mitigate this issue. The identifier of the patch is 0072d3488ae5b8d922d3ee87458d829993742a32. It is recommended to upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-01T13:00:21.405Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-360528 | alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/360528"
        },
        {
          "name": "VDB-360528 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/360528/cti"
        },
        {
          "name": "Submit #801529 | alexta69 MeTube 2026.04.09 Permissive Cross-domain Policy with Untrusted Domains",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/801529"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/az10b/security-advisories/blob/main/cors_MeTube.md"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/alexta69/metube/pull/949"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/alexta69/metube/commit/0072d3488ae5b8d922d3ee87458d829993742a32"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/alexta69/metube/releases/tag/2026.04.10"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/alexta69/metube/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-01T08:57:30.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-7581",
    "datePublished": "2026-05-01T13:00:21.405Z",
    "dateReserved": "2026-05-01T06:52:25.141Z",
    "dateUpdated": "2026-05-01T13:21:54.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-7643 (GCVE-0-2026-7643)

Vulnerability from cvelistv5 – Published: 2026-05-02 14:45 – Updated: 2026-05-04 18:03
VLAI
Title
ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy
Summary
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
References
Impacted products
Vendor Product Version
ChatGPTNextWeb NextChat Affected: 2.16.0
Affected: 2.16.1
Create a notification for this product.
Credits
Yu_Bao (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7643",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T18:02:25.979782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T18:03:06.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "API Endpoint"
          ],
          "product": "NextChat",
          "vendor": "ChatGPTNextWeb",
          "versions": [
            {
              "status": "affected",
              "version": "2.16.0"
            },
            {
              "status": "affected",
              "version": "2.16.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu_Bao (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-02T14:45:12.877Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-360755 | ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/360755"
        },
        {
          "name": "VDB-360755 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/360755/cti"
        },
        {
          "name": "Submit #806833 | ChatGPTNextWeb NextChat 2.16.1 Permissive CORS Wildcard Policy",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/806833"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6756"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/ChatGPTNextWeb/NextChat/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-01T18:39:08.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-7643",
    "datePublished": "2026-05-02T14:45:12.877Z",
    "dateReserved": "2026-05-01T16:33:59.113Z",
    "dateUpdated": "2026-05-04T18:03:06.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9739 (GCVE-0-2026-9739)

Vulnerability from cvelistv5 – Published: 2026-05-27 21:38 – Updated: 2026-05-28 13:20
VLAI
Summary
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE initialization handler was inadvertently retained. This vulnerability specifically impacts users connecting via Toolbox using SSE under specification v2024-11-05.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
Impacted products
Vendor Product Version
Google MCP Toolbox for Databases Affected: 0 , < PR 3054 (Fix CORS bypass) (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T13:19:37.204820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T13:20:43.816Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MCP Toolbox for Databases",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "PR 3054 (Fix CORS bypass)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE initialization handler was inadvertently retained. This vulnerability specifically impacts users connecting via Toolbox using SSE under specification v2024-11-05."
            }
          ],
          "value": "Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE initialization handler was inadvertently retained. This vulnerability specifically impacts users connecting via Toolbox using SSE under specification v2024-11-05."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-275",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-275: DNS Rebinding"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T21:38:55.833Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/googleapis/mcp-toolbox/issues/3053"
        },
        {
          "url": "https://github.com/googleapis/mcp-toolbox/pull/3054"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2026-9739",
    "datePublished": "2026-05-27T21:38:55.833Z",
    "dateReserved": "2026-05-27T17:31:41.604Z",
    "dateUpdated": "2026-05-28T13:20:43.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}




Mitigation

Phases: Architecture and Design, Operation

Strategy: Attack Surface Reduction

Description:

  • Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation

Phases: Architecture and Design, Operation

Strategy: Attack Surface Reduction

Description:

  • Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation

Phases: Architecture and Design, Operation

Strategy: Environment Hardening

Description:

  • For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page