Weaknesses of type CWE-829
175 resultsCVE-2023-45798HIGHYettiesoft VestCert Remote Code Execution VulnerabilityEPSS 0.6%CVE-2022-41216HIGHCloudflow - Local File Inclusion VulnerabilityEPSS 0.6%CVE-2025-27668CRITICALVasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via IfrEPSS 0.6%CVE-2023-4591HIGHInclusion of Functionality from Untrusted Control Sphere in WPN-XM ServerstackEPSS 0.6%CVE-2025-65964CRITICALn8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit HookEPSS 0.6%CVE-2024-43690HIGHInclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perEPSS 0.6%CVE-2025-66022CRITICALFACTION Unauthenticated Custom Extension Upload leads to RCEEPSS 0.6%CVE-2024-54663HIGHAn issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerabEPSS 0.6%CVE-2025-27510CRITICALRCE in the package conda-forge-metadataEPSS 0.6%CVE-2024-5693MEDIUMOffscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of saEPSS 0.6%CVE-2025-70974CRITICALFastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a JavaEPSS 0.6%CVE-2026-42510MEDIUMOpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.EPSS 0.6%CVE-2024-45416HIGHThe HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are storEPSS 0.6%CVE-2026-46529HIGHPDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopenEPSS 0.6%CVE-2023-36609HIGH
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpEPSS 0.6%CVE-2026-26974HIGHSylde has Improper Control of Generation of CodeEPSS 0.5%CVE-2024-3043HIGHZigbee co-ordinator realignment packet may lead to denial of serviceEPSS 0.5%CVE-2024-48336HIGHThe install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, whEPSS 0.5%CVE-2025-11023CRITICALLocal File Inclusion in ArkSigner's AcBakImzalaEPSS 0.5%CVE-2026-1699CRITICALIn the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while chEPSS 0.5%