CWE-669 flaws
59 results

CVE-2026-31431 | HIGH | crypto: algif_aead - Revert to operating out-of-place | EPSS 96.8% | KEV
CVE-2026-25253 | HIGH | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket conne | EPSS 8.0%
CVE-2020-15257 | MEDIUM | containerd-shim API Exposed to Host Network Containers | EPSS 3.2%
CVE-2024-37891 | MEDIUM | Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 | EPSS 1.1%
CVE-2021-22806 | — | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when | EPSS 0.9%
CVE-2025-67895 | CRITICAL | Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 | EPSS 0.8%
CVE-2024-29018 | MEDIUM | External DNS requests from 'internal' networks could lead to data exfiltration | EPSS 0.8%
CVE-2022-30236 | HIGH | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross | EPSS 0.7%
CVE-2022-46173 | HIGH | Elrond go Processing: fallback search of SCRs when not found in the main cache | EPSS 0.7%
CVE-2023-22950 | MEDIUM | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permi | EPSS 0.7%
CVE-2021-34574 | MEDIUM | Password policy evasion in products of MB connect line and Helmholz | EPSS 0.7%
CVE-2023-31114 | CRITICAL | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can | EPSS 0.6%
CVE-2025-34158 | HIGH | Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/a | EPSS 0.5%
CVE-2025-62646 | MEDIUM | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conver | EPSS 0.5%
CVE-2023-31115 | HIGH | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can | EPSS 0.5%
CVE-2022-35916 | MEDIUM | Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls | EPSS 0.5%
CVE-2026-48847 | LOW | Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session p | EPSS 0.4%
CVE-2025-41660 | HIGH | CODESYS Control Boot Application Replacement Enables Code Execution | EPSS 0.4%
CVE-2023-41894 | MEDIUM | Local-only webhooks externally accessible via SniTun in Home Assistant Core | EPSS 0.4%
CVE-2026-35542 | MEDIUM | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted backg | EPSS 0.4%