Weaknesses of type CWE-829
175 resultsCVE-2025-53841HIGHThe GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.EPSS 0.1%CVE-2026-41396HIGHOpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust RootEPSS 0.1%CVE-2026-25931HIGHvscode-spell-checker has a workspace-trust bypass Code ExecutionEPSS 0.1%CVE-2026-22217MEDIUMOpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix FallbackEPSS 0.1%CVE-2022-49036HIGHAn inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business ReEPSS 0.1%CVE-2022-49042HIGHAn inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.EPSS 0.1%CVE-2026-41355MEDIUMOpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File ConversionEPSS 0.1%CVE-2025-39666CRITICALomd: Local privilege escalation when executing omd commands as rootEPSS 0.1%CVE-2025-69257MEDIUMtheshit vulnerable to unsafe loading of user-owned Python rules when running as root.EPSS 0.1%CVE-2026-54325MEDIUMPi loads project-local extensions without approvalEPSS 0.1%CVE-2025-57729MEDIUMIn JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server startEPSS 0.1%CVE-2026-55697HIGHpnpm: Repository-controlled configDependencies can select a pacquet native install engineEPSS 0.1%CVE-2026-55487HIGHpnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycleEPSS 0.1%CVE-2025-67900HIGHNXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.EPSS 0.1%CVE-2026-11269HIGHInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to eEPSS 0.1%