CWE-15 vulnerabilities
65 results

CVE-2023-32349 (HIGH, EPSS 1.0%)
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter pa

CVE-2024-4326 (CRITICAL, EPSS 1.0%)
Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

CVE-2021-27406 (HIGH, EPSS 0.9%)
PerFact OpenVPN-Client

CVE-2023-4704 (HIGH, EPSS 0.7%)
External Control of System or Configuration Setting in instantsoft/icms2

CVE-2024-21583 (MEDIUM, EPSS 0.6%)
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/g

CVE-2026-22708 (HIGH, EPSS 0.5%)
Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

CVE-2025-30512 (MEDIUM, EPSS 0.5%)
Growatt Cloud portal External Control of System or Configuration Setting

CVE-2024-50358 (HIGH, EPSS 0.5%)
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI

CVE-2026-35650 (HIGH, EPSS 0.5%)
OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization

CVE-2022-41582 (HIGH, EPSS 0.5%)
The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2025-27889 (LOW, EPSS 0.4%)
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection

CVE-2026-22177 (MEDIUM, EPSS 0.4%)
OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars

CVE-2026-27203 (HIGH, EPSS 0.4%)
eBay API MCP Server Affected by Environment Variable Injection

CVE-2023-46764 (—, EPSS 0.3%)
Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start mali

CVE-2024-51543 (HIGH, EPSS 0.3%)
Information Disclosure

CVE-2023-3321 (HIGH, EPSS 0.3%)
Code Execution through Writable Mosquitto Configuration File

CVE-2024-54097 (HIGH, EPSS 0.3%)
Security vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect feature implementation and inte

CVE-2025-13091 (MEDIUM, EPSS 0.3%)
Shopire <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install

CVE-2026-46399 (CRITICAL, EPSS 0.3%)
Authenticated Remote Code Execution via File Overwrite

CVE-2025-43792 (LOW, EPSS 0.3%)
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.