Vulnerabilities of type CWE-472
124 results

CVE-2025-43933 | CRITICAL | fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends | EPSS 0.4%
CVE-2024-9123 | HIGH | Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a cr | EPSS 0.4%
CVE-2026-10965 | HIGH | Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox vi | EPSS 0.4%
CVE-2026-10964 | HIGH | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a cr | EPSS 0.4%
CVE-2026-10963 | HIGH | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a cr | EPSS 0.4%
CVE-2026-10987 | HIGH | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a cr | EPSS 0.4%
CVE-2024-12123 | MEDIUM | Unauthorized Modification of Ticket Requester | EPSS 0.4%
CVE-2023-24373 | LOW | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability | EPSS 0.4%
CVE-2026-5859 | HIGH | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a cra | EPSS 0.4%
CVE-2026-3914 | HIGH | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a cra | EPSS 0.3%
CVE-2026-7571 | HIGH | Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data | EPSS 0.3%
CVE-2026-4679 | HIGH | Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a | EPSS 0.3%
CVE-2025-3743 | MEDIUM | Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation | EPSS 0.3%
CVE-2025-8198 | HIGH | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation | EPSS 0.3%
CVE-2025-30236 | HIGH | Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) | EPSS 0.3%
CVE-2026-5274 | HIGH | Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted | EPSS 0.3%
CVE-2026-41353 | HIGH | OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection | EPSS 0.3%
CVE-2026-10986 | HIGH | Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a | EPSS 0.3%
CVE-2026-32699 | MEDIUM | FacturaScripts unauthorized modification of immutable nick field via EditUser controller | EPSS 0.3%
CVE-2025-30152 | MEDIUM | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout | EPSS 0.3%