Flaws of type CWE-345

369 results
CVE-2026-35042 | HIGH | fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | EPSS 0.2%
CVE-2025-53548 | HIGH | @clerk/backend Performs Insufficient Verification of Data Authenticity | EPSS 0.2%
CVE-2026-42206 | MEDIUM | Roadiz OpenID Connect nonce generated but never validated — ID token replay attack | EPSS 0.2%
CVE-2026-31835 | MEDIUM | Vaultwarden WebAuthn credential metadata tampered before signature verification | EPSS 0.2%
CVE-2026-44999 | MEDIUM | OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events | EPSS 0.2%
CVE-2025-66225 | HIGH | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow | EPSS 0.2%
CVE-2025-12080 | MEDIUM | Intent Abuse in Google Messages for Wear OS for Silent Message Sending | EPSS 0.1%
CVE-2026-46539 | MEDIUM | nimiq-primitives: BlockInclusionProof interlink issue when hops are empty | EPSS 0.1%
CVE-2025-71057 | HIGH | Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking att | EPSS 0.1%
CVE-2026-0939 | MEDIUM | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation | EPSS 0.1%
CVE-2026-2385 | MEDIUM | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay | EPSS 0.1%
CVE-2025-12752 | MEDIUM | Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation | EPSS 0.1%
CVE-2022-39909 | HIGH | Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local at | EPSS 0.1%
CVE-2025-59700 | MEDIUM | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to | EPSS 0.1%
CVE-2026-45055 | HIGH | CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header | EPSS 0.1%
CVE-2026-47155 | MEDIUM | vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors | EPSS 0.1%
CVE-2025-0092 | MEDIUM | In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lea | EPSS 0.1%
CVE-2026-47123 | HIGH | FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path | EPSS 0.1%
CVE-2026-7689 | MEDIUM | Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification | EPSS 0.1%
CVE-2026-54266 | HIGH | Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning | EPSS 0.1%