Flaws of type CWE-501

24 results
CVE-2025-61884 | HIGH | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected a | EPSS 97.6% | KEV
CVE-2025-64496 | HIGH | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | EPSS 7.6%
CVE-2024-3661 | HIGH | DHCP routing options can manipulate interface-based VPN traffic | EPSS 4.1%
CVE-2024-49050 | HIGH | Visual Studio Code Python Extension Remote Code Execution Vulnerability | EPSS 1.2%
CVE-2020-4077 | HIGH | Context isolation bypass via contextBridge in Electron | EPSS 1.0%
CVE-2020-15096 | MEDIUM | Context isolation bypass via Promise in Electron | EPSS 0.8%
CVE-2024-1725 | MEDIUM | Kubevirt-csi: persistentvolume allows access to hcp's root node | EPSS 0.6%
CVE-2023-28597 | HIGH | Improper trust boundary implementation for SMB in Zoom Clients | EPSS 0.5%
CVE-2023-49788 | HIGH | Improper handling of browser-side provided input in richdocuments path handling | EPSS 0.5%
CVE-2025-48938 | LOW | Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server | EPSS 0.4%
CVE-2026-25725 | HIGH | Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json | EPSS 0.4%
CVE-2019-0035 | MEDIUM | Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes | EPSS 0.4%
CVE-2025-49714 | HIGH | Visual Studio Code Python Extension Remote Code Execution Vulnerability | EPSS 0.4%
CVE-2020-4076 | HIGH | Context isolation bypass via leaked cross-context objects in Electron | EPSS 0.4%
CVE-2024-23682 | HIGH | Artemis Java Test Sandbox Class Loading Escape | EPSS 0.4%
CVE-2022-20826 | MEDIUM | A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance ( | EPSS 0.3%
CVE-2026-33828 | HIGH | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability | EPSS 0.3%
CVE-2025-1118 | MEDIUM | Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled | EPSS 0.3%
CVE-2022-1799 | MEDIUM | Incorrect signature verification on Google play-services-basement in Google Play SDK | EPSS 0.3%
CVE-2024-20265 | MEDIUM | A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisc | EPSS 0.2%