Vulnerabilities of type CWE-829

175 results
CVE-2026-43940 | HIGH | electerm: Path traversal in electerm runWidget leads to arbitrary code execution | EPSS 0.2%
CVE-2026-3991 | HIGH | Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint | EPSS 0.2%
CVE-2025-36355 | HIGH | IBM Security Verify Access code execution | EPSS 0.2%
CVE-2026-45184 | MEDIUM | Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. | EPSS 0.1%
CVE-2026-22816 | HIGH | Gradle fails to disable repositories which can expose builds to malicious artifacts | EPSS 0.1%
CVE-2026-44312 | MEDIUM | css_parser allows to MITM included https css urls | EPSS 0.1%
CVE-2026-48124 | HIGH | Cursor Desktop sandbox escape via Claude hook configuration | EPSS 0.1%
CVE-2025-49809 | HIGH | mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: | EPSS 0.1%
CVE-2026-42089 | HIGH | yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation | EPSS 0.1%
CVE-2026-6357 | MEDIUM | pip self-update functionality can import newly installed modules after wheel installation | EPSS 0.1%
CVE-2024-45482 | HIGH | Privilege escalation in B&R APROL | EPSS 0.1%
CVE-2026-44995 | MEDIUM | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables | EPSS 0.1%
CVE-2026-1628 | MEDIUM | Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites. | EPSS 0.1%
CVE-2026-22865 | HIGH | Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts | EPSS 0.1%
CVE-2026-41336 | HIGH | OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override | EPSS 0.1%
CVE-2026-41295 | HIGH | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup | EPSS 0.1%
CVE-2026-8428 | HIGH | CSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and below | EPSS 0.1%
CVE-2025-33205 | HIGH | NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an un | EPSS 0.1%
CVE-2025-62186 | MEDIUM | Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme | EPSS 0.1%
CVE-2026-12057 | HIGH | DoS + Remote Code Execution via PDF JavaScript in Foxit AI | EPSS 0.1%