Flaws of type CWE-436

76 results
CVE | Severity | Summary | EPSS | KEV
CVE-2025-25292 | CRITICAL | Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential) | EPSS 63.8% | -
CVE-2025-25291 | CRITICAL | ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential) | EPSS 19.5% | -
CVE-2025-48384 | HIGH | Git allows arbitrary code execution through broken config quoting | EPSS 2.8% | KEV
CVE-2023-24813 | CRITICAL | URI validation failure on SVG parsing. Bypass of CVE-2023-23924 | EPSS 2.5% | -
CVE-2019-19589 | CRITICAL | The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: | EPSS 1.8% | -
CVE-2024-2004 | LOW | Usage of disabled protocol | EPSS 1.7% | -
CVE-2023-22602 | - | Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request | EPSS 1.6% | -
CVE-2021-39137 | MEDIUM | Consensus flaw during block processing in go-ethereum | EPSS 1.5% | -
CVE-2021-21366 | MEDIUM | Misinterpretation of malicious XML input | EPSS 1.3% | -
CVE-2021-0207 | HIGH | NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series: Certain genuine traffic received by the Junos OS device will be discarded instead of forwarded. | EPSS 1.3% | -
CVE-2023-39481 | MEDIUM | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability | EPSS 1.3% | -
CVE-2023-29197 | MEDIUM | Improper header name validation in guzzlehttp/psr7 | EPSS 1.2% | -
CVE-2022-48279 | HIGH | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firew | EPSS 1.2% | -
CVE-2026-32052 | MEDIUM | OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers | EPSS 0.9% | -
CVE-2022-41915 | MEDIUM | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, whe | EPSS 0.9% | -
CVE-2022-35962 | HIGH | Crafted link in Zulip message can cause disclosure of credentials | EPSS 0.9% | -
CVE-2024-28054 | HIGH | Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some ma | EPSS 0.8% | -
CVE-2023-30541 | MEDIUM | TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts | EPSS 0.8% | -
CVE-2022-36051 | HIGH | Broken Authorization in ZITADEL Actions | EPSS 0.8% | -
CVE-2023-30536 | MEDIUM | Insecure header validation in slim/psr7 | EPSS 0.7% | -