Weaknesses of type CWE-693

556 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2025-6427 | CRITICAL | connect-src Content Security Policy restriction could be bypassed | 0.3% |
| CVE-2026-12296 | CRITICAL | Sandbox escape in the Security: Process Sandboxing component | 0.3% |
| CVE-2026-50545 | CRITICAL | Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover | 0.3% |
| CVE-2024-37182 | MEDIUM | Lack of permissions prompting when opening external URLs | 0.3% |
| CVE-2026-10944 | MEDIUM | Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin da | 0.3% |
| CVE-2026-10950 | MEDIUM | Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin da | 0.3% |
| CVE-2025-8656 | MEDIUM | Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability | 0.3% |
| CVE-2025-11260 | MEDIUM | WP Headless CMS Framework <= 1.15 - Unauthenticated Protection Mechanism Bypass | 0.3% |
| CVE-2024-6153 | HIGH | Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability | 0.3% |
| CVE-2026-8969 | HIGH | Mitigation bypass in the DOM: Security component | 0.3% |
| CVE-2024-38874 | MEDIUM | An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the ma | 0.3% |
| CVE-2023-20573 | LOW | Debug Exception Delivery in Secure Nested Paging | 0.3% |
| CVE-2026-47209 | HIGH | vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain | 0.3% |
| CVE-2022-42848 | HIGH | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. | 0.3% |
| CVE-2025-12094 | MEDIUM | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing | 0.3% |
| CVE-2026-47139 | HIGH | vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server | 0.3% |
| CVE-2026-22013 | MEDIUM | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). | 0.3% |
| CVE-2025-0276 | MEDIUM | HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP) | 0.3% |
| CVE-2025-0277 | MEDIUM | HCL BigFix Mobile is affected by an insecure Content Security Policy (CSP) | 0.3% |
| CVE-2024-25744 | HIGH | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/t | 0.3% |