Weaknesses of type CWE-441
90 results

CVE-2026-49821 | HIGH | Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration | EPSS 0.2%
CVE-2026-3160 | MEDIUM | Unintended Proxy or Intermediary ('Confused Deputy') in GitLab | EPSS 0.2%
CVE-2025-64125 | CRITICAL | Nuvation Energy nCloud Client-to-Client Communication | EPSS 0.2%
CVE-2025-11393 | HIGH | Insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator: improper proxy configuration allows unauthorized administrative commands | EPSS 0.2%
CVE-2026-27124 | HIGH | FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities | EPSS 0.2%
CVE-2026-36608 | HIGH | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own adm | EPSS 0.2%
CVE-2026-48522 | MEDIUM | PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes | EPSS 0.2%
CVE-2026-41365 | MEDIUM | OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History | EPSS 0.2%
CVE-2024-31319 | HIGH | In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a con | EPSS 0.2%
CVE-2025-25306 | CRITICAL | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes | EPSS 0.2%
CVE-2026-9595 | MEDIUM | webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies | EPSS 0.2%
CVE-2025-66415 | MEDIUM | fastify-reply-from bypass of reply forwarding | EPSS 0.1%
CVE-2026-50169 | MEDIUM | Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities | EPSS 0.1%
CVE-2026-44992 | MEDIUM | OpenClaw 2026.4.5 through 2026.4.19 - MiniMax API Host Override via Workspace dotenv | EPSS 0.1%
CVE-2026-45003 | MEDIUM | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files | EPSS 0.1%
CVE-2025-22441 | HIGH | In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privile | EPSS 0.1%
CVE-2025-48579 | HIGH | In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This cou | EPSS 0.1%
CVE-2025-48598 | MEDIUM | In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to | EPSS 0.1%
CVE-2023-31313 | HIGH | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages | EPSS 0.1%
CVE-2026-0021 | HIGH | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This | EPSS 0.1%