Vulnerabilities of type CWE-913 (Improper Control of Dynamically-Managed Code Resources)

69 results
CVE-2026-44336 | CRITICAL | PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection | EPSS 0.6%
CVE-2026-47208 | CRITICAL | vm2: Sandbox Breakout Using Promise Species | EPSS 0.5%
CVE-2026-47210 | CRITICAL | vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass | EPSS 0.5%
CVE-2026-53753 | CRITICAL | Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API | EPSS 0.4%
CVE-2026-7381 | CRITICAL | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting | EPSS 0.4%
CVE-2025-61780 | MEDIUM | Rack has Possible Information Disclosure Vulnerability | EPSS 0.4%
CVE-2026-1770 | MEDIUM | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | EPSS 0.4%
CVE-2026-47131 | CRITICAL | vm2: Sandbox Escape | EPSS 0.4%
CVE-2025-14051 | MEDIUM | youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables | EPSS 0.4%
CVE-2025-46673 | MEDIUM | NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space D | EPSS 0.4%
CVE-2025-13426 | HIGH | Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution | EPSS 0.4%
CVE-2026-47137 | CRITICAL | vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE | EPSS 0.4%
CVE-2023-35930 | LOW | LookupResources may return partial results in spicedb | EPSS 0.4%
CVE-2025-6107 | LOW | comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes | EPSS 0.4%
CVE-2025-14085 | MEDIUM | youlaitech youlai-mall orders improper control of dynamically-identified variables | EPSS 0.3%
CVE-2023-4041 | CRITICAL | Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability | EPSS 0.3%
CVE-2024-5401 | MEDIUM | Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1- | EPSS 0.3%
CVE-2021-42809 | MEDIUM | The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library | EPSS 0.3%
CVE-2025-46675 | LOW | In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking. | EPSS 0.3%
CVE-2024-2537 | MEDIUM | Electron Code Injection in Logi Tune macOS Application | EPSS 0.3%