CWE-915 vulnerabilities

100 results
CVE-2022-31106 | HIGH | Prototype Pollution in underscore.deep | EPSS 0.8%
CVE-2026-5708 | HIGH | Improper Control of User-Modifiable Attributes in RES CreateSession API | EPSS 0.8%
CVE-2024-55637 | CRITICAL | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 | EPSS 0.8%
CVE-2024-0404 | CRITICAL | Mass Assignment Vulnerability in mintplex-labs/anything-llm | EPSS 0.8%
CVE-2023-32079 | HIGH | Netmaker Privilege Escalation Vulnerability | EPSS 0.7%
CVE-2023-0574 | MEDIUM | Server-Side Request Forgery | EPSS 0.6%
CVE-2025-69690 | CRITICAL | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the | EPSS 0.6%
CVE-2025-30358 | HIGH | Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks | EPSS 0.6%
CVE-2025-2304 | CRITICAL | Camaleon CMS Privilege Escalation | EPSS 0.6%
CVE-2026-34427 | HIGH | Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save | EPSS 0.6%
CVE-2026-34208 | CRITICAL | SandboxJS: Sandbox integrity escape | EPSS 0.6%
CVE-2026-41043 | MEDIUM | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues | EPSS 0.6%
CVE-2025-69691 | CRITICAL | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call | EPSS 0.5%
CVE-2026-41139 | HIGH | Unsafe array index getter in mathjs | EPSS 0.5%
CVE-2026-34406 | CRITICAL | APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint | EPSS 0.5%
CVE-2025-31674 | HIGH | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 | EPSS 0.5%
CVE-2026-27591 | CRITICAL | Winter: Privilege escalation by authenticated backend users | EPSS 0.5%
CVE-2023-39983 | MEDIUM | MXsecurity Register Database Pollution | EPSS 0.5%
CVE-2026-22814 | HIGH | Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State | EPSS 0.5%
CVE-2022-48359 | The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may | EPSS 0.5%