Weaknesses of type CWE-706
58 resultsCVE-2021-37212MEDIUMLarvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-1EPSS 0.6%CVE-2026-40912HIGHTraefik: StripPrefixRegex auth bypass via Path/RawPath desyncEPSS 0.6%CVE-2023-42451HIGHMastodon Invalid Domain Name Normalization vulnerabilityEPSS 0.6%CVE-2023-28628MEDIUM`authority-regex` returns the wrong authority in lambdaisland/uriEPSS 0.6%CVE-2025-58362HIGHHono contains a flaw in URL path parsing, potentially leading to path confusionEPSS 0.5%CVE-2026-25890HIGHFile Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URLEPSS 0.5%CVE-2023-27561HIGHrunc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit thiEPSS 0.4%CVE-2022-41874LOWTauri Filesystem Scope can be Partially BypassedEPSS 0.4%CVE-2023-42125HIGHAvast Premium Security Sandbox Protection Link Following Privilege Escalation VulnerabilityEPSS 0.4%CVE-2025-30357HIGHNamelessMC Forum Topic Deletion Triggered by Unrelated User DeletionEPSS 0.4%CVE-2026-35666HIGHOpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch WrapperEPSS 0.4%CVE-2026-3125HIGHSSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypassEPSS 0.4%CVE-2025-29914MEDIUMOWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`EPSS 0.3%CVE-2026-25067MEDIUMSmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path CoercionEPSS 0.3%CVE-2026-41354MEDIUMOpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe KeysEPSS 0.3%CVE-2026-54022MEDIUMOpen WebUI: Any authenticated user can read other users' private notes via Socket.IOEPSS 0.3%CVE-2026-10696HIGHUse of an incorrectly resolved name or reference in the pinget backend
in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet communiEPSS 0.3%CVE-2026-41402LOWOpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope BypassEPSS 0.3%CVE-2022-28198MEDIUMNVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the syEPSS 0.3%CVE-2026-30856MEDIUMWeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt InjectionEPSS 0.3%