CWE-791 type flaws

34 results
CVE-2022-21668 [HIGH] Pipenv's requirements.txt parsing allows malicious index url in comments (EPSS 3.9%)
CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by se (EPSS 1.7%)
CVE-2024-47590 [HIGH] Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher (EPSS 0.8%)
CVE-2026-2969 [MEDIUM] datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine (EPSS 0.7%)
CVE-2024-39899 [MEDIUM] PrivateBin allows shortening of URLs for other domains (EPSS 0.6%)
CVE-2024-8373 [MEDIUM] AngularJS improper sanitization in '<source>' element (EPSS 0.6%)
CVE-2026-7164 [HIGH] pf can overflow the stack parsing crafted SCTP packets (EPSS 0.4%)
CVE-2025-2040 [MEDIUM] zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine (EPSS 0.4%)
CVE-2025-5325 [MEDIUM] zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine (EPSS 0.4%)
CVE-2024-27489 [HIGH] An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. (EPSS 0.4%)
CVE-2024-32162 [MEDIUM] CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. (EPSS 0.4%)
CVE-2026-3725 [MEDIUM] 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine (EPSS 0.4%)
CVE-2025-14731 [MEDIUM] CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine (EPSS 0.4%)
CVE-2025-0716 [MEDIUM] AngularJS improper sanitization in SVG '<image>' element (EPSS 0.4%)
CVE-2025-6761 [MEDIUM] Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine (EPSS 0.4%)
CVE-2025-3841 [MEDIUM] wix-incubator jam Jinja2 Template jam.py special elements used in a template engine (EPSS 0.4%)
CVE-2025-2336 [MEDIUM] AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize' (EPSS 0.4%)
CVE-2026-44232 [HIGH] dssrf: every IPv6 category bypasses is_url_safe (EPSS 0.3%)
CVE-2020-36827 [MEDIUM] The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action. (EPSS 0.3%)
CVE-2025-0324 [CRITICAL] The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. (EPSS 0.3%)