CWE-807 flaws

78 results
CVE-2026-21509 | HIGH | Microsoft Office Security Feature Bypass Vulnerability | EPSS 72.2% | KEV
CVE-2024-13974 | HIGH | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers contro | EPSS 6.7%
CVE-2021-41129 | HIGH | Authentication bypass in Pterodactyl | EPSS 1.7%
CVE-2026-21514 | HIGH | Microsoft Word Security Feature Bypass Vulnerability | EPSS 1.5% | KEV
CVE-2025-49827 | CRITICAL | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator | EPSS 1.4%
CVE-2021-31999 | HIGH | Rancher: Privilege escalation vulnerability via malicious Connection header | EPSS 1.1%
CVE-2024-29039 | CRITICAL | Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state | EPSS 1.0%
CVE-2026-20849 | HIGH | Windows Kerberos Elevation of Privilege Vulnerability | EPSS 1.0%
CVE-2021-36777 | HIGH | login-proxy sends password to attacker-provided domain | EPSS 0.9%
CVE-2017-0887 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by t | EPSS 0.9%
CVE-2022-20744 | MEDIUM | Cisco Firepower Management Center Software Information Disclosure Vulnerability | EPSS 0.9%
CVE-2021-29479 | HIGH | Cached redirect poisoning via X-Forwarded-Host header | EPSS 0.9%
CVE-2025-12488 | CRITICAL | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | EPSS 0.8%
CVE-2025-12487 | CRITICAL | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | EPSS 0.8%
CVE-2023-46686 | MEDIUM | A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Dia | EPSS 0.5%
CVE-2024-51561 | CRITICAL | Authentication bypass Vulnerability in Aero | EPSS 0.5%
CVE-2026-27707 | HIGH | Plex-configured Seerr instances vulnerable to unauthenticated account registration via Jellyfin authentication endpoint | EPSS 0.5%
CVE-2024-21510 | MEDIUM | Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (X | EPSS 0.5%
CVE-2024-52327 | MEDIUM | ECOVACS lawnmower and vacuum cloud service live video PIN bypass | EPSS 0.5%
CVE-2026-39807 | MEDIUM | Client-supplied URI scheme trusted without transport verification in bandit | EPSS 0.5%