Weaknesses of type CWE-693
556 results

| CVE | Severity | Summary | EPSS |
|---|---|---|---|
| CVE-2025-22429 | CRITICAL | In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalati | 0.2% |
| CVE-2021-3453 | MEDIUM | Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker wi | 0.2% |
| CVE-2025-20347 | MEDIUM | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability | 0.2% |
| CVE-2026-44451 | CRITICAL | Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass | 0.2% |
| CVE-2026-11206 | MEDIUM | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data | 0.2% |
| CVE-2026-10174 | MEDIUM | Aider-AI Aider Pre-commit Hook args.py protection mechanism | 0.2% |
| CVE-2026-45227 | HIGH | Heym < 0.0.21 Sandbox Escape via Python Introspection | 0.2% |
| CVE-2022-48611 | HIGH | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate | 0.2% |
| CVE-2026-12027 | CRITICAL | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer | 0.2% |
| CVE-2020-12954 | — | A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI | 0.2% |
| CVE-2026-22723 | MEDIUM | UAA User Token Revocation logic error | 0.2% |
| CVE-2026-9115 | MEDIUM | Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origi | 0.2% |
| CVE-2025-59033 | HIGH | The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only t | 0.2% |
| CVE-2026-39419 | LOW | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | 0.2% |
| CVE-2026-7963 | HIGH | Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rend | 0.2% |
| CVE-2025-41224 | HIGH | A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), R | 0.2% |
| CVE-2025-43330 | HIGH | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to b | 0.2% |
| CVE-2025-46553 | LOW | @misskey-dev/summaly Redirect Filter Bypass | 0.2% |
| CVE-2026-9116 | MEDIUM | Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin | 0.2% |
| CVE-2026-53949 | MEDIUM | Ghost Content API filter bypass reveals private fields | 0.2% |