CWE-940 vulnerabilities

52 results
CVE-2024-20390 | MEDIUM | Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability | EPSS 0.4%
CVE-2025-40820 | HIGH | Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This | EPSS 0.4%
CVE-2024-40503 | MEDIUM | An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet | EPSS 0.4%
CVE-2024-49579 | HIGH | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | EPSS 0.4%
CVE-2024-37662 | MEDIUM | TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijac | EPSS 0.4%
CVE-2024-37664 | MEDIUM | Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack | EPSS 0.4%
CVE-2026-35643 | HIGH | OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterface | EPSS 0.4%
CVE-2024-1621 | HIGH | uniFLOW Online device registration susceptible to compromise | EPSS 0.4%
CVE-2024-40516 | HIGH | An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing | EPSS 0.3%
CVE-2026-45245 | MEDIUM | Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events | EPSS 0.3%
CVE-2026-48745 | CRITICAL | Traccar Client: silent configuration hijack via unverified deep link redirects all GPS telemetry | EPSS 0.3%
CVE-2024-7322 | MEDIUM | Dos in ZigBee device due to unsolicited encrypted rejoin response | EPSS 0.3%
CVE-2026-54106 | MEDIUM | U.S. GAO EPDS and CBCA EDS network access control bypass | EPSS 0.3%
CVE-2024-37663 | MEDIUM | Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the t | EPSS 0.3%
CVE-2026-33875 | CRITICAL | Authenticator Vulnerable to Authentication Flow Hijack | EPSS 0.3%
CVE-2025-59159 | CRITICAL | SillyTavern Web Interface Vulnerable to DNS Rebinding | EPSS 0.2%
CVE-2025-23222 | HIGH | An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, | EPSS 0.2%
CVE-2026-40434 | HIGH | Anviz CrossChex Standard Improper Verification of Source of a Communication Channel | EPSS 0.2%
CVE-2025-25305 | HIGH | SSL validation for outgoing requests in Home Assistant Core and used libs not correct | EPSS 0.2%
CVE-2026-43880 | MEDIUM | WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address | EPSS 0.2%