CWE-913 vulnerabilities
69 results

CVE-2020-25803 | MEDIUM | Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects. | EPSS 1.1%
CVE-2020-25802 | MEDIUM | Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting. | EPSS 1.1%
CVE-2021-32813 | MEDIUM | Drop Headers via Malicious Connection Header | EPSS 1.1%
CVE-2022-44000 | CRITICAL | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arb | EPSS 0.9%
CVE-2025-6384 | HIGH | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | EPSS 0.9%
CVE-2021-23267 | HIGH | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | EPSS 0.8%
CVE-2023-37271 | HIGH | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape | EPSS 0.8%
CVE-2021-21413 | HIGH | Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate | EPSS 0.7%
CVE-2021-23259 | MEDIUM | Groovy Sandbox Bypass | EPSS 0.7%
CVE-2021-23258 | MEDIUM | Spring SPEL Expression Language Injection | EPSS 0.7%
CVE-2025-69219 | HIGH | Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator | EPSS 0.7%
CVE-2022-3225 | HIGH | Improper Control of Dynamically-Managed Code Resources in budibase/budibase | EPSS 0.7%
CVE-2022-39051 | MEDIUM | Perl Code execution in Template Toolkit | EPSS 0.7%
CVE-2023-5763 | MEDIUM | Glassfish remote code execution | EPSS 0.7%
CVE-2019-1595 | HIGH | Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability | EPSS 0.6%
CVE-2022-31764 | HIGH | Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC | EPSS 0.6%
CVE-2026-33286 | CRITICAL | Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names | EPSS 0.6%
CVE-2025-25270 | CRITICAL | Remote Code Execution via Unauthenticated Configuration Manipulation | EPSS 0.6%
CVE-2023-25560 | HIGH | JSON Injection in DataHub | EPSS 0.6%
CVE-2021-23262 | MEDIUM | Snakeyaml deserialization vulnerability bypass | EPSS 0.6%