Falhas do tipo CWE-311
301 resultadosCVE-2026-27944CRITICALNginx UI: Unauthenticated Backup Download with Encryption Key DisclosureEPSS 22.2%CVE-2026-34486HIGHApache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptorEPSS 15.4%CVE-2016-10593—ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacksEPSS 2.3%CVE-2017-16003—windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resoEPSS 2.3%CVE-2016-10663—wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerabEPSS 2.2%CVE-2016-10665—herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which lEPSS 2.2%CVE-2016-10642—cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may EPSS 2.1%CVE-2016-10649—frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code exEPSS 2.1%CVE-2016-10686—fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attaEPSS 2.1%CVE-2016-10624—selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary reEPSS 2.1%CVE-2016-10604—dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulneEPSS 2.1%CVE-2016-10628—selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources overEPSS 2.1%CVE-2016-10600—webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attaEPSS 2.1%CVE-2016-10694—alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binarEPSS 2.1%CVE-2016-10573—baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 downlEPSS 2.1%CVE-2016-10584—dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, wEPSS 2.1%CVE-2016-10622—nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable tEPSS 2.0%CVE-2016-10668—libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacEPSS 2.0%CVE-2016-10675—libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerabEPSS 2.0%CVE-2016-10679—selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standaEPSS 2.0%