Vulnerabilities of type CWE-424

32 results
| CVE | Severity | EPSS | KEV | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-58136 | CRITICAL | 87.7% | KEV | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited i |
| CVE-2025-48827 | CRITICAL | 69.6% | | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running |
| CVE-2025-48828 | CRITICAL | 48.4% | | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By c |
| CVE-2019-18997 | MEDIUM | 1.5% | | PB610 HMISimulator provides interface with access to arbitrary files |
| CVE-2023-20272 | MEDIUM | 0.9% | | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upl |
| CVE-2021-3793 | MEDIUM | 0.7% | | An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated |
| CVE-2026-4913 | MEDIUM | 0.6% | | Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when |
| CVE-2024-8311 | MEDIUM | 0.5% | | Improper Protection of Alternate Path in GitLab |
| CVE-2024-3927 | MEDIUM | 0.4% | | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass |
| CVE-2019-18996 | HIGH | 0.4% | | ABB PB610 HMIStudio accepts malicious DLL file in an application |
| CVE-2025-68939 | HIGH | 0.3% | | Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API. |
| CVE-2022-1742 | MEDIUM | 0.3% | | 2.2.4 IMPROPER PROTECTION OF ALTERNATE PATH CWE-424 |
| CVE-2024-3460 | HIGH | 0.3% | | In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing |
| CVE-2024-3459 | HIGH | 0.3% | | KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened |
| CVE-2025-58079 | MEDIUM | 0.3% | | Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious |
| CVE-2025-0113 | MEDIUM | 0.2% | | Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers |
| CVE-2023-5165 | HIGH | 0.2% | | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell |
| CVE-2023-0629 | HIGH | 0.2% | | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers |
| CVE-2025-46654 | MEDIUM | 0.2% | | CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploadi |
| CVE-2025-46655 | MEDIUM | 0.2% | | CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be by |