CWE-436 type flaws
76 results

CVE-2026-26961 | LOW | Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass | EPSS 0.3%
CVE-2026-30246 | MEDIUM | github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters | EPSS 0.3%
CVE-2026-48788 | HIGH | Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing | EPSS 0.3%
CVE-2026-44576 | MEDIUM | Next.js: Cache poisoning in React Server Component responses | EPSS 0.3%
CVE-2026-32766 | LOW | astral-tokio-tar insufficiently validates PAX extensions during extraction | EPSS 0.2%
CVE-2026-42177 | MEDIUM | linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted | EPSS 0.2%
CVE-2026-27444 | HIGH | Header Email Address Parsing | EPSS 0.2%
CVE-2026-40930 | MEDIUM | LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body | EPSS 0.2%
CVE-2026-47076 | MEDIUM | SSRF allowlist bypass via percent-encoded host in hackney | EPSS 0.2%
CVE-2025-54368 | MEDIUM | uv is vulnerable to ZIP payload obfuscation through parsing differentials | EPSS 0.2%
CVE-2026-32762 | MEDIUM | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | EPSS 0.2%
CVE-2026-53538 | LOW | Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling | EPSS 0.2%
CVE-2026-53537 | LOW | Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters | EPSS 0.2%
CVE-2026-42462 | HIGH | Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring | EPSS 0.2%
CVE-2026-35200 | LOW | Parse Server has a file upload Content-Type override via extension mismatch | EPSS 0.2%
CVE-2026-53655 | MEDIUM | node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling) | EPSS 0.1%