Weaknesses of type CWE-829
175 results

CVE-2026-47292 (HIGH, EPSS 0.4%): Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
CVE-2026-26862 (HIGH, EPSS 0.4%): CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Buil
CVE-2026-43944 (CRITICAL, EPSS 0.4%): electerm: dangerous code can be run through links or command line
CVE-2025-70046 (CRITICAL, EPSS 0.4%): An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
CVE-2026-6859 (HIGH, EPSS 0.4%): Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`
CVE-2026-56447 (CRITICAL, EPSS 0.3%): MISP remote code execution via arbitrary rdkafka configuration path
CVE-2025-59828 (HIGH, EPSS 0.3%): Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
CVE-2024-32011 (HIGH, EPSS 0.3%): A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run
CVE-2026-32920 (HIGH, EPSS 0.3%): OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins
CVE-2023-5523 (HIGH, EPSS 0.3%): M-Files Web Companion allows Remote Code Execution
CVE-2026-47172 (CRITICAL, EPSS 0.3%): Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
CVE-2022-4134 (LOW, EPSS 0.3%): A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integr
CVE-2025-59535 (MEDIUM, EPSS 0.3%): DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
CVE-2025-67842 (MEDIUM, EPSS 0.3%): The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain
CVE-2026-47174 (CRITICAL, EPSS 0.3%): Duck Site: Untrusted pull request code can trigger privileged production deployment
CVE-2023-31170 (MEDIUM, EPSS 0.3%): Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-33317 (HIGH, EPSS 0.3%): Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubish
CVE-2026-40313 (CRITICAL, EPSS 0.3%): PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
CVE-2025-53546 (CRITICAL, EPSS 0.3%): Folo allows secrets exfiltration via `pull_request_target`
CVE-2026-40154 (CRITICAL, EPSS 0.3%): PraisonAI Affected by Untrusted Remote Template Code Execution