CWE-829 vulnerabilities

171 results
| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2025-32463 | CRITICAL | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the - | 47.5% | KEV |
| CVE-2024-38476 | CRITICAL | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect | 41.6% | |
| CVE-2024-29073 | MEDIUM | A vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim p | 10.8% | |
| CVE-2026-0770 | CRITICAL | Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability | 10.4% | |
| CVE-2025-64496 | HIGH | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | 7.6% | |
| CVE-2022-1161 | CRITICAL | ICSA-22-090-05 Rockwell Automation Logix Controllers | 4.9% | |
| CVE-2020-8128 | | An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbit | 2.6% | |
| CVE-2021-32802 | CRITICAL | Preview generation used third-party library not suited for user-generated content in Nextcloud server | 2.5% | |
| CVE-2021-3603 | HIGH | Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer | 2.3% | |
| CVE-2023-49134 | HIGH | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point | 1.7% | |
| CVE-2023-49133 | HIGH | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point | 1.7% | |
| CVE-2025-54135 | HIGH | Cursor Agent is vulnerable to prompt injection via MCP Special Files | 1.7% | |
| CVE-2025-27607 | HIGH | Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency | 1.5% | |
| CVE-2024-38537 | NONE | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js | 1.4% | |
| CVE-2023-40195 | HIGH | Apache Airflow Spark Provider Deserialization Vulnerability RCE | 1.4% | |
| CVE-2021-29427 | HIGH | Repository content filters do not work in Settings pluginManagement | 1.3% | |
| CVE-2018-1122 | HIGH | procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-cont | 1.3% | |
| CVE-2022-23630 | HIGH | Dependency verification bypass in Gradle | 1.3% | |
| CVE-2019-11770 | | In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTP | 1.3% | |
| CVE-2025-34074 | CRITICAL | Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write | 1.1% | |