Weaknesses of type CWE-693

556 results
CVE-2026-28500 | HIGH | ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack | EPSS 0.3%
CVE-2026-8018 | HIGH | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandb | EPSS 0.3%
CVE-2026-11263 | MEDIUM | Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had co | EPSS 0.3%
CVE-2026-32946 | MEDIUM | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) | EPSS 0.3%
CVE-2026-12315 | CRITICAL | Mitigation bypass in the DOM: Security component | EPSS 0.3%
CVE-2025-50897 | MEDIUM | A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations | EPSS 0.3%
CVE-2026-2803 | HIGH | Information disclosure, mitigation bypass in the Settings UI component | EPSS 0.3%
CVE-2026-12302 | MEDIUM | Mitigation bypass in the DOM: Security component | EPSS 0.2%
CVE-2026-44003 | MEDIUM | vm2: Transformer Fast-Path Bypass Exposes Internal State Variable | EPSS 0.2%
CVE-2026-22753 | HIGH | Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers | EPSS 0.2%
CVE-2026-0620 | MEDIUM | L2TP over IPSec Encryption Failure on ArcherAXE75 | EPSS 0.2%
CVE-2023-22655 | MEDIUM | Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a | EPSS 0.2%
CVE-2026-12316 | CRITICAL | Mitigation bypass in the DOM: Security component | EPSS 0.2%
CVE-2022-26774 | HIGH | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able | EPSS 0.2%
CVE-2026-11282 | CRITICAL | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform | EPSS 0.2%
CVE-2026-11248 | HIGH | Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restricti | EPSS 0.2%
CVE-2026-40158 | HIGH | PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai | EPSS 0.2%
CVE-2026-11170 | HIGH | Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level pr | EPSS 0.2%
CVE-2026-42261 | HIGH | PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote` | EPSS 0.2%
CVE-2026-7978 | HIGH | Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privi | EPSS 0.2%