Fallos del tipo CWE-73

466 resultados
CVE-2026-27825CRITICALMCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachmentEPSS 2.3%CVE-2023-36764HIGHMicrosoft SharePoint Server Elevation of Privilege VulnerabilityEPSS 2.3%CVE-2018-7495In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prioEPSS 2.2%CVE-2018-14820Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, whichEPSS 2.2%CVE-2025-59516HIGHWindows Storage VSP Driver Elevation of Privilege VulnerabilityEPSS 2.1%CVE-2024-20652HIGHWindows HTML Platforms Security Feature Bypass VulnerabilityEPSS 2.1%CVE-2024-5334HIGHLocal File Read in stitionai/devikaEPSS 2.1%CVE-2020-6105HIGHAn exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted fEPSS 2.0%CVE-2023-40194HIGHAn arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of wEPSS 2.0%CVE-2020-2009HIGHPAN-OS: Panorama SD WAN arbitrary file creationEPSS 2.0%CVE-2025-0111HIGHPAN-OS: Authenticated File Read Vulnerability in the Management Web InterfaceEPSS 1.9%KEVCVE-2025-59049HIGHMockoon has a Path Traversal and LFI in the static file serving endpointEPSS 1.7%CVE-2023-46851Apache Allura: sensitive information exposure via importEPSS 1.6%CVE-2023-35384MEDIUMWindows HTML Platforms Security Feature Bypass VulnerabilityEPSS 1.6%CVE-2024-38049MEDIUMWindows Distributed Transaction Coordinator Remote Code Execution VulnerabilityEPSS 1.6%CVE-2020-25161The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operatioEPSS 1.5%CVE-2020-15264HIGHPrivilege Escalation in BoxstarterEPSS 1.5%CVE-2026-26975HIGHMusic Assistant Server Path Traversal in Playlist Update API Allows Remote Code ExecutionEPSS 1.4%CVE-2025-46762HIGHApache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadataEPSS 1.4%CVE-2020-26078MEDIUMCisco IoT Field Network Director File Overwrite VulnerabilityEPSS 1.4%