CWE-75 vulnerabilities

34 results
CVE-2026-31908 | CRITICAL | Apache APISIX: forward auth plugin allows header injection | EPSS 0.5%
CVE-2024-27708 | CRITICAL | Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary | EPSS 0.5%
CVE-2024-39243 | CRITICAL | An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_sa | EPSS 0.5%
CVE-2022-4721 | MEDIUM | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in ikus060/rdiffweb | EPSS 0.5%
CVE-2024-23268 | HIGH | An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Vent | EPSS 0.4%
CVE-2024-23274 | HIGH | An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Vent | EPSS 0.4%
CVE-2022-3607 | MEDIUM | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint | EPSS 0.4%
CVE-2024-31806 | MEDIUM | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which c | EPSS 0.4%
CVE-2024-24257 | HIGH | An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information v | EPSS 0.4%
CVE-2023-0302 | HIGH | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in radareorg/radare2 | EPSS 0.4%
CVE-2024-9940 | MEDIUM | Calculated Fields Form <= 5.2.45 - HTML Injection | EPSS 0.4%
CVE-2024-31812 | MEDIUM | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExt | EPSS 0.3%
CVE-2025-61911 | MEDIUM | python-ldap has sanitization bypass in ldap.filter.escape_filter_chars | EPSS 0.3%
CVE-2026-27120 | MEDIUM | Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster | EPSS 0.2%