Weaknesses of type CWE-470
47 resultsCVE-2021-21985CRITICALThe vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plEPSS 100.0%KEVCVE-2024-4990HIGHUnsafe Reflection in base Component class in yiisoft/yii2EPSS 79.5%CVE-2024-0200HIGHUnsafe Reflection in Github Enterprise Server leading to Command InjectionEPSS 71.7%CVE-2025-3600HIGHUnsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAXEPSS 19.1%CVE-2025-53693CRITICALHTML Cache Poisoning through Unsafe ReflectionsEPSS 13.8%CVE-2022-23744—Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection bEPSS 4.3%CVE-2022-41853HIGHRemote code execution in HyperSQL DataBaseEPSS 3.5%CVE-2019-10174HIGHA vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application clEPSS 3.1%CVE-2023-33652HIGHSitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the componenEPSS 2.5%CVE-2023-6943CRITICALUse of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocketEPSS 1.8%CVE-2024-28121HIGHReflex arbitrary method call in stimulus_reflexEPSS 1.6%CVE-2026-33157HIGHCraft CMS: Potential authenticated Remote Code Execution via malicious attached BehaviorEPSS 1.0%CVE-2019-3834MEDIUMIt was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate EPSS 1.0%CVE-2020-7857HIGHA vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficEPSS 1.0%CVE-2026-25498HIGHCraft has a potential authenticated Remote Code Execution via malicious attached BehaviorEPSS 1.0%CVE-2024-6096HIGHUnsafe Deserialization VulnerabilityEPSS 0.9%CVE-2025-63690CRITICALIn pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management moduEPSS 0.8%CVE-2024-8015CRITICALTelerik Report Server Insecure Type ResolutionEPSS 0.8%CVE-2025-68455HIGHCraft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached BehaviorEPSS 0.8%CVE-2026-42027CRITICALApache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoaderEPSS 0.7%