CWE-420 vulnerabilities
37 results

CVE-2023-20198 CRITICAL (EPSS 99.6%, KEV)
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are

CVE-2025-54309 CRITICAL (EPSS 92.0%, KEV)
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows

CVE-2024-10081 CRITICAL (EPSS 39.2%)
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypas

CVE-2025-13315 CRITICAL (EPSS 31.9%)
Unauthenticated log access in Twonky Server

CVE-2024-6242 HIGH (EPSS 9.2%)
Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices

CVE-2025-53967 HIGH (EPSS 7.4%)
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a craft

CVE-2020-8558 MEDIUM (EPSS 3.6%)
Kubernetes node setting allows for neighboring hosts to bypass localhost boundary

CVE-2023-28840 HIGH (EPSS 2.7%)
moby/moby's dockerd daemon encrypted overlay network may be unauthenticated

CVE-2023-28842 MEDIUM (EPSS 1.4%)
moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

CVE-2025-67303 HIGH (EPSS 1.4%)
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. Th

CVE-2023-31241 HIGH (EPSS 0.8%)
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

CVE-2026-40217 HIGH (EPSS 0.7%)
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

CVE-2024-4444 MEDIUM (EPSS 0.7%)
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

CVE-2022-25786 MEDIUM (EPSS 0.7%)
GateManager debug interface is included in production builds

CVE-2026-25916 MEDIUM (EPSS 0.6%)
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

CVE-2023-0317 MEDIUM (EPSS 0.5%)
GateManager debug interface is included in non-debug builds

CVE-2025-52921 CRITICAL (EPSS 0.5%)
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution o

CVE-2024-6099 MEDIUM (EPSS 0.4%)
LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration

CVE-2025-54351 HIGH (EPSS 0.4%)
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

CVE-2025-56558 LOW (EPSS 0.3%)
The Dyson MQTT server (2022 and possibly later) allows publications and subscriptions by a client that has the correct values of AWS_ACCESS_