CWE-472 vulnerabilities
123 results

CVE-2021-27770 | MEDIUM | HCL Sametime is vulnerable to arbitrary HTTP requests | EPSS 0.7%
CVE-2026-2649 | HIGH | Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a craft | EPSS 0.6%
CVE-2024-7025 | HIGH | Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a cr | EPSS 0.6%
CVE-2023-28512 | MEDIUM | IBM Watson CP4D Data Stores improper input validation | EPSS 0.5%
CVE-2025-29788 | MEDIUM | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability | EPSS 0.5%
CVE-2026-3536 | HIGH | Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory acc | EPSS 0.5%
CVE-2025-43930 | CRITICAL | Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the | EPSS 0.5%
CVE-2026-2519 | MEDIUM | Online Scheduling and Appointment Booking System – Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips' | EPSS 0.5%
CVE-2025-3530 | HIGH | WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation | EPSS 0.4%
CVE-2024-50703 | MEDIUM | TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. | EPSS 0.4%
CVE-2026-3538 | HIGH | Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory acce | EPSS 0.4%
CVE-2024-6010 | MEDIUM | Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation | EPSS 0.4%
CVE-2025-47817 | HIGH | In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter. | EPSS 0.4%
CVE-2025-27893 | LOW | In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such a | EPSS 0.4%
CVE-2025-47245 | HIGH | In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role. | EPSS 0.4%
CVE-2025-22384 | HIGH | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the C | EPSS 0.4%
CVE-2023-38520 | MEDIUM | WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering | EPSS 0.4%
CVE-2025-0436 | HIGH | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a craf | EPSS 0.4%
CVE-2025-66385 | CRITICAL | UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a high | EPSS 0.4%
CVE-2025-67846 | MEDIUM | The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrad | EPSS 0.4%