Vulnerabilities of type CWE-184

134 results
CVE-2025-61924 | LOW | PrestaShop Checkout Target PayPal merchant account hijacking from backoffice | EPSS 0.2%
CVE-2026-53861 | MEDIUM | OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS | EPSS 0.2%
CVE-2026-44287 | MEDIUM | FastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassable | EPSS 0.2%
CVE-2025-24388 | LOW | Unsafe handling of AJAX calls | EPSS 0.2%
CVE-2025-67747 | HIGH | Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list | EPSS 0.2%
CVE-2025-67748 | HIGH | Fickling has Code Injection vulnerability via pty.spawn() | EPSS 0.2%
CVE-2026-47389 | HIGH | Mastodon: SSRF protection bypass on older Ruby versions | EPSS 0.2%
CVE-2026-44463 | HIGH | Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions | EPSS 0.2%
CVE-2026-33628 | MEDIUM | Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items | EPSS 0.2%
CVE-2026-26274 | MEDIUM | October: Safe Mode Bypass via Twig Database Write Operations | EPSS 0.2%
CVE-2026-43929 | HIGH | ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs | EPSS 0.2%
CVE-2025-67716 | MEDIUM | Auth0 Next.js SDK has Improper Validation of Query Parameters | EPSS 0.2%
CVE-2025-58353 | HIGH | Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns | EPSS 0.2%
CVE-2026-44587 | MEDIUM | CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters | EPSS 0.2%
CVE-2022-50238 | HIGH | The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. So | EPSS 0.2%
CVE-2026-40077 | LOW | Beszel has an IDOR in hub API endpoints that read system ID from URL parameter | EPSS 0.2%
CVE-2026-41361 | MEDIUM | OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges | EPSS 0.2%
CVE-2026-53944 | MEDIUM | Ghost: Private IP filtering bypass to make server-side requests to internal services | EPSS 0.2%
CVE-2025-1484 | MEDIUM | A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could | EPSS 0.2%
CVE-2025-46417 | MEDIUM | The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS afte | EPSS 0.2%