CWE-345 type flaws

365 results
CVE-2023-35719 [MEDIUM] ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability (EPSS 19.9%)
CVE-2022-26871 [CRITICAL] An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary fil (EPSS 19.6%, KEV)
CVE-2024-5458 [MEDIUM] Filter bypass in filter_var (FILTER_VALIDATE_URL) (EPSS 12.1%)
CVE-2026-21527 [MEDIUM] Microsoft Exchange Server Spoofing Vulnerability (EPSS 9.5%)
CVE-2025-59934 [CRITICAL] Formbricks missing JWT signature verification (EPSS 8.0%)
CVE-2023-5482 [HIGH] Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory acces (EPSS 7.1%)
CVE-2020-11985 IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rew (EPSS 5.9%)
CVE-2025-51471 [MEDIUM] Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and (EPSS 3.8%)
CVE-2022-20829 [CRITICAL] Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability (EPSS 3.2%)
CVE-2021-1586 [HIGH] Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability (EPSS 2.5%)
CVE-2022-22994 [HIGH] Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices. (EPSS 1.9%)
CVE-2024-23922 [MEDIUM] Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability (EPSS 1.7%)
CVE-2017-3198 GIGABYTE BRIX UEFI firmware is not cryptographically signed (EPSS 1.6%)
CVE-2024-45410 [CRITICAL] HTTP client can remove the X-Forwarded headers in Traefik (EPSS 1.5%)
CVE-2022-31800 [CRITICAL] Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers (EPSS 1.5%)
CVE-2014-5406 Hospira LifeCare PCA Infusion System (EPSS 1.2%)
CVE-2019-10181 [MEDIUM] It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising th (EPSS 1.1%)
CVE-2021-36367 [HIGH] PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it (EPSS 1.1%)
CVE-2024-39689 [HIGH] Certifi removes GLOBALTRUST root certificate (EPSS 1.0%)
CVE-2022-31801 [CRITICAL] Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool (EPSS 1.0%)