CWE-436 vulnerabilities

76 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2025-12816 | HIGH | CVE-2025-12816 | 0.7% |
| CVE-2024-38428 | CRITICAL | url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in whi | 0.7% |
| CVE-2022-0011 | MEDIUM | PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering | 0.7% |
| CVE-2022-29254 | LOW | Failed payment recorded has completed in silverstripe/silverstripe-omnipay | 0.6% |
| CVE-2024-24754 | LOW | Bref Body Parsing Inconsistency in Event-Driven Functions | 0.6% |
| CVE-2023-36456 | HIGH | Authentik lacks Proxy IP headers validation | 0.6% |
| CVE-2024-34478 | HIGH | btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failu | 0.6% |
| CVE-2026-25223 | HIGH | Fastify's Content-Type header tab character allows body validation bypass | 0.5% |
| CVE-2023-22735 | MEDIUM | User uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip | 0.5% |
| CVE-2026-6270 | CRITICAL | @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes | 0.5% |
| CVE-2022-36048 | MEDIUM | IP address leak via image proxy bypass in Zulip Server | 0.5% |
| CVE-2026-33808 | CRITICAL | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) | 0.5% |
| CVE-2025-24013 | MEDIUM | CodeIgniter validation of header name and value | 0.5% |
| CVE-2023-49284 | LOW | Command substitution output can trigger shell expansion in fish shell | 0.5% |
| CVE-2022-48230 | HIGH | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS. | 0.5% |
| CVE-2022-48261 | HIGH | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the | 0.5% |
| CVE-2022-48471 | HIGH | There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer s | 0.4% |
| CVE-2024-29034 | MEDIUM | CarrierWave's Content-Type allowlist bypass vulnerability which possibly leads to XSS remained | 0.4% |
| CVE-2024-3386 | MEDIUM | PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended | 0.4% |
| CVE-2026-33807 | CRITICAL | @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes | 0.4% |