CWE-807 vulnerabilities

78 results
CVE-2025-66570 | CRITICAL | cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*) | EPSS 0.3%
CVE-2025-1969 | MEDIUM | Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center | EPSS 0.3%
CVE-2026-43935 | HIGH | e107: Host Header Injection in e107 password reset enables phishing | EPSS 0.3%
CVE-2026-1789 | MEDIUM | A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device vi | EPSS 0.3%
CVE-2022-24400 | HIGH | DCK pinning attack in TETRA | EPSS 0.3%
CVE-2025-11271 | MEDIUM | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | EPSS 0.3%
CVE-2026-41403 | MEDIUM | OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification | EPSS 0.3%
CVE-2026-32898 | MEDIUM | OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata | EPSS 0.3%
CVE-2025-10161 | HIGH | Authentication Bypass in Turkguven's Perfektive | EPSS 0.2%
CVE-2025-55736 | CRITICAL | flaskBlog allows arbitrary privilege escalation | EPSS 0.2%
CVE-2025-1126 | CRITICAL | Lexmark has identified a vulnerability in our Lexmark Print Management Client (LPMC). | EPSS 0.2%
CVE-2026-35624 | LOW | OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk | EPSS 0.2%
CVE-2026-35670 | MEDIUM | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat | EPSS 0.2%
CVE-2025-66577 | MEDIUM | cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust | EPSS 0.2%
CVE-2026-35617 | LOW | OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName | EPSS 0.2%
CVE-2026-35655 | MEDIUM | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution | EPSS 0.2%
CVE-2025-65328 | MEDIUM | Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating | EPSS 0.2%
CVE-2026-29134 | MEDIUM | GINA Domain Switch | EPSS 0.2%
CVE-2024-9310 | MEDIUM | Traffic Alert and Collision Avoidance System (TCAS) II has a Reliance on Untrusted Inputs in a Security Decision vulnerability | EPSS 0.2%
CVE-2026-44649 | CRITICAL | SillyTavern: Authentication Bypass via SSO Header Injection | EPSS 0.2%