Weaknesses of type CWE-830
12 resultsCVE-2025-64496HIGHOpen WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE EventsEPSS 7.6%CVE-2024-29944HIGHAn attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent proceEPSS 4.7%CVE-2023-2588HIGH
Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (EPSS 1.1%CVE-2021-28162—In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.EPSS 0.8%CVE-2024-42381HIGHos/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieveEPSS 0.6%CVE-2025-33028MEDIUMIn WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability aEPSS 0.5%CVE-2024-35180MEDIUMOMERO.web JSONP callback vulnerabilityEPSS 0.3%CVE-2025-46652MEDIUMIn IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears MaEPSS 0.3%CVE-2025-65109HIGHMinder does not sandbox http.send in Rego programsEPSS 0.2%CVE-2025-33027MEDIUMIn Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-EPSS 0.2%CVE-2025-33026MEDIUMIn PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-WebEPSS 0.2%CVE-2025-43703MEDIUMAn issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API EPSS 0.2%