Weaknesses of type CWE-829

175 results
CVE-2026-33075 | CRITICAL | FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml | EPSS 0.3%
CVE-2026-26079 | MEDIUM | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | EPSS 0.3%
CVE-2025-41390 | HIGH | An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted rep | EPSS 0.3%
CVE-2026-44688 | HIGH | In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context with | EPSS 0.3%
CVE-2026-46580 | HIGH | In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and | EPSS 0.3%
CVE-2024-24821 | HIGH | Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer | EPSS 0.3%
CVE-2025-55305 | MEDIUM | Electron is vulnerable to Code Injection via resource modification | EPSS 0.3%
CVE-2026-40903 | CRITICAL | Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence | EPSS 0.2%
CVE-2025-0982 | CRITICAL | Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine) | EPSS 0.2%
CVE-2025-12509 | HIGH | Scripts for the module Global_Shipping executable on BRAIN2 Server | EPSS 0.2%
CVE-2026-44691 | HIGH | In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be | EPSS 0.2%
CVE-2025-55273 | MEDIUM | HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability | EPSS 0.2%
CVE-2026-28135 | HIGH | WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability | EPSS 0.2%
CVE-2026-5843 | HIGH | Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading | EPSS 0.2%
CVE-2026-5817 | HIGH | Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends | EPSS 0.2%
CVE-2026-34442 | MEDIUM | FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout | EPSS 0.2%
CVE-2025-15612 | MEDIUM | Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE | EPSS 0.2%
CVE-2026-22283 | HIGH | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. A | EPSS 0.2%
CVE-2026-40156 | HIGH | PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading | EPSS 0.2%
CVE-2026-27615 | HIGH | ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE) | EPSS 0.2%