CWE-1188 vulnerabilities

171 results
CVE-2026-43892 | HIGH | AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection | EPSS 0.3%
CVE-2026-41432 | HIGH | New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud | EPSS 0.3%
CVE-2023-48733 | MEDIUM | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot | EPSS 0.3%
CVE-2026-48502 | HIGH | MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows | EPSS 0.3%
CVE-2024-5801 | MEDIUM | IP Forwarding enabled in B&R Automation Runtime | EPSS 0.3%
CVE-2021-33130 | MEDIUM | Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated use | EPSS 0.2%
CVE-2026-34780 | HIGH | Electron: Context Isolation bypass via contextBridge VideoFrame transfer | EPSS 0.2%
CVE-2026-41931 | MEDIUM | Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler | EPSS 0.2%
CVE-2026-48509 | MEDIUM | MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies | EPSS 0.2%
CVE-2025-31930 | HIGH | A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ | EPSS 0.2%
CVE-2025-43797 | MEDIUM | In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through | EPSS 0.2%
CVE-2026-40994 | HIGH | Wss4jSecurityInterceptor disables WS-I BSP validation by default | EPSS 0.2%
CVE-2022-24287 | HIGH | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V | EPSS 0.2%
CVE-2026-33072 | HIGH | FileRise: Default Encryption Key Enables Token Forgery and Config Decryption | EPSS 0.2%
CVE-2025-29985 | MEDIUM | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the | EPSS 0.2%
CVE-2026-20265 | MEDIUM | Insecure Default Domain Allowlist in Splunk AI Toolkit | EPSS 0.2%
CVE-2026-43581 | CRITICAL | OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding | EPSS 0.2%
CVE-2025-62802 | MEDIUM | DNN CKEditor Provider allows unauthenticated upload out-of-the-box | EPSS 0.2%
CVE-2024-8313 | HIGH | Default or Guessable SNMP community names in B&R APROL | EPSS 0.2%
CVE-2025-43015 | HIGH | In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces | EPSS 0.2%