CWE-441 vulnerabilities

90 results
CVE-2025-61780 | MEDIUM | Rack has Possible Information Disclosure Vulnerability | EPSS 0.4%
CVE-2026-30225 | MEDIUM | OliveTin: RestartAction always runs actions as guest | EPSS 0.4%
CVE-2026-42043 | HIGH | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 | EPSS 0.4%
CVE-2025-25061 | MEDIUM | Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remot | EPSS 0.4%
CVE-2026-42313 | HIGH | pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy | EPSS 0.4%
CVE-2024-34068 | MEDIUM | Server-side Request Forgery during remote file pull in Pterodactyl wings | EPSS 0.4%
CVE-2026-39961 | MEDIUM | Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource | EPSS 0.4%
CVE-2024-30128 | HIGH | An open proxy vulnerability affects HCL Nomad server on Domino | EPSS 0.4%
CVE-2024-9870 | MEDIUM | Unintended Proxy or Intermediary ('Confused Deputy') in GitLab | EPSS 0.4%
CVE-2023-33188 | MEDIUM | Uncontrolled data used in content resolution | EPSS 0.3%
CVE-2026-33768 | MEDIUM | Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path` | EPSS 0.3%
CVE-2025-48710 | MEDIUM | kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to | EPSS 0.3%
CVE-2026-6993 | MEDIUM | go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy | EPSS 0.3%
CVE-2026-24471 | CRITICAL | Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy') | EPSS 0.3%
CVE-2026-53931 | MEDIUM | NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint | EPSS 0.3%
CVE-2025-64123 | HIGH | Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access | EPSS 0.3%
CVE-2026-24470 | HIGH | Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName | EPSS 0.3%
CVE-2026-27624 | HIGH | Coturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL | EPSS 0.3%
CVE-2025-68944 | MEDIUM | Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries. | EPSS 0.3%
CVE-2022-39349 | MEDIUM | Tasks.org vulnerable to data exfiltration by malicious app or adb | EPSS 0.3%