Weaknesses of type CWE-693

556 results
CVE | Severity | Description | EPSS
CVE-2023-34984 | HIGH | A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allo | 0.7%
CVE-2023-30851 | LOW | Potential HTTP policy bypass when using header rules in Cilium | 0.7%
CVE-2024-5691 | MEDIUM | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would | 0.7%
CVE-2022-43424 | MEDIUM | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be | 0.6%
CVE-2024-6741 | MEDIUM | Openfind Mail2000 - HttpOnly flag bypass | 0.6%
CVE-2022-43434 | MEDIUM | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-genera | 0.6%
CVE-2024-26250 | MEDIUM | Secure Boot Security Feature Bypass Vulnerability | 0.6%
CVE-2024-43513 | MEDIUM | BitLocker Security Feature Bypass Vulnerability | 0.6%
CVE-2024-28248 | HIGH | Cilium intermittent HTTP policy bypass | 0.6%
CVE-2022-43435 | MEDIUM | Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in wor | 0.6%
CVE-2025-27665 | CRITICAL | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection a | 0.6%
CVE-2024-33883 | MEDIUM | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | 0.6%
CVE-2024-0681 | MEDIUM | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass | 0.6%
CVE-2024-20669 | MEDIUM | Secure Boot Security Feature Bypass Vulnerability | 0.6%
CVE-2024-28919 | MEDIUM | Secure Boot Security Feature Bypass Vulnerability | 0.6%
CVE-2026-20665 | MEDIUM | This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and i | 0.6%
CVE-2024-0680 | MEDIUM | WP Private Content Plus <= 3.6 - Protection Mechanism Bypass | 0.6%
CVE-2024-20923 | LOW | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions th | 0.6%
CVE-2024-0747 | MEDIUM | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Cont | 0.6%
CVE-2023-0141 | MEDIUM | Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a cr | 0.6%