CWE-183 vulnerabilities
37 results

CVE-2026-40899 | HIGH | DataEase has an Arbitrary File Read Vulnerability | EPSS 0.4%
CVE-2026-32881 | MEDIUM | ewe has an Overly Permissive List of Allowed Inputs | EPSS 0.4%
CVE-2026-33979 | HIGH | Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk) | EPSS 0.4%
CVE-2024-47565 | MEDIUM | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate t | EPSS 0.4%
CVE-2024-38522 | MEDIUM | CSP bypass in Hush Line | EPSS 0.3%
CVE-2026-4509 | MEDIUM | PbootCMS File Upload file.php incomplete blacklist | EPSS 0.3%
CVE-2026-35649 | MEDIUM | OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist | EPSS 0.3%
CVE-2026-41240 | MEDIUM | DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) | EPSS 0.3%
CVE-2026-11525 | LOW | undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching | EPSS 0.2%
CVE-2026-43574 | MEDIUM | OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists | EPSS 0.2%
CVE-2026-41387 | HIGH | OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization | EPSS 0.2%
CVE-2026-50189 | HIGH | Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route | EPSS 0.2%
CVE-2026-42042 | MEDIUM | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | EPSS 0.2%
CVE-2026-44111 | LOW | OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get | EPSS 0.2%
CVE-2026-8918 | HIGH | A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or | EPSS 0.2%
CVE-2026-2303 | MEDIUM | Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak | EPSS 0.2%
CVE-2026-2302 | MEDIUM | Unsafe Reflection in Mongoid::Criteria.from_hash | EPSS 0.2%