CWE-829 vulnerabilities

175 results
CVE-2026-4295 | HIGH | Arbitrary code execution via crafted project files in Kiro IDE | EPSS 0.2%
CVE-2022-49038 | HIGH | Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 | EPSS 0.2%
CVE-2026-52858 | HIGH | Vim: Arbitrary Code Execution via Python Omni-Completion | EPSS 0.2%
CVE-2026-41253 | MEDIUM | In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a | EPSS 0.2%
CVE-2026-4255 | HIGH | DLL Injection Privilege Escalation | EPSS 0.2%
CVE-2025-36852 | CRITICAL | Build Cache Poisoning via Untrusted Pull Requests | EPSS 0.2%
CVE-2025-54558 | MEDIUM | OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag. | EPSS 0.2%
CVE-2026-40959 | CRITICAL | Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. | EPSS 0.2%
CVE-2026-22551 | MEDIUM | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary | EPSS 0.2%
CVE-2026-44358 | HIGH | Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint | EPSS 0.2%
CVE-2026-6482 | HIGH | Local Privilege Escalation via OpenSSL configuration file in Insight Agent | EPSS 0.2%
CVE-2025-68162 | LOW | In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration | EPSS 0.2%
CVE-2026-1342 | HIGH | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access | EPSS 0.2%
CVE-2026-26959 | HIGH | ADB Explorer Vulnerable to RCE via Insufficient Input Validation | EPSS 0.2%
CVE-2025-27582 | HIGH | The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flaw | EPSS 0.2%
CVE-2026-55698 | HIGH | pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes | EPSS 0.2%
CVE-2026-8426 | HIGH | Concrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwrite | EPSS 0.2%
CVE-2025-52655 | LOW | HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability. | EPSS 0.2%
CVE-2026-7373 | HIGH | Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading | EPSS 0.2%
CVE-2024-52976 | MEDIUM | Elastic Agent Inclusion of Functionality from Untrusted Control Sphere | EPSS 0.2%