CWE-184 flaws
127 results

CVE-2024-5217 | CRITICAL | Incomplete Input Validation in GlideExpression Script | EPSS 99.6% | KEV
CVE-2022-43396 | HIGH | Apache Kylin: Command injection by Useless configuration | EPSS 56.8%
CVE-2017-7525 | — | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthentica | EPSS 37.9%
CVE-2024-5178 | MEDIUM | Incomplete Input Validation in SecurelyAccess API | EPSS 33.6%
CVE-2024-32152 | LOW | A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead | EPSS 11.3%
CVE-2017-15095 | — | A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user | EPSS 8.4%
CVE-2021-25631 | — | denylist of executable filename extensions possible to bypass under windows | EPSS 4.2%
CVE-2024-30103 | HIGH | Microsoft Outlook Remote Code Execution Vulnerability | EPSS 3.4%
CVE-2023-23844 | HIGH | SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | EPSS 3.0%
CVE-2023-2017 | HIGH | Improper Control of Generation of Code in Twig Rendered Views in Shopware | EPSS 2.1%
CVE-2023-34252 | HIGH | Grav Server-side Template Injection via Insufficient Validation in filterFilter | EPSS 2.1%
CVE-2023-34253 | HIGH | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | EPSS 2.1%
CVE-2026-34415 | CRITICAL | Xerte Online Toolkits File Upload RCE via elfinder Connector | EPSS 2.1%
CVE-2017-0909 | — | The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network add | EPSS 2.0%
CVE-2020-14372 | — | A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. | EPSS 1.7%
CVE-2017-7540 | — | rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. | EPSS 1.6%
CVE-2017-2602 | LOW | jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master securit | EPSS 1.6%
CVE-2023-40037 | — | Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs | EPSS 1.5%
CVE-2025-1716 | MEDIUM | picklescan - Security scanning bypass via 'pip main' | EPSS 1.5%
CVE-2021-25737 | LOW | Holes in EndpointSlice Validation Enable Host Network Hijack | EPSS 1.3%