CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

550 vulnerabilities with CWE-693
CVE-2026-29649 CRITICAL
NEMU - Denial of Service via RISC-V Hypervisor CSR Handling Flaw
CVSS 9.8
CVE-2026-32225 HIGH
Windows Shell Security Feature Bypass Vulnerability
CVSS 8.8
CVE-2026-32202 MEDIUM KEV
Windows Shell Spoofing Vulnerability
CVSS 4.3
CVE-2026-22692 MEDIUM
October CMS: Twig Sandbox Bypass via Collection Methods
CVSS 4.9
CVE-2026-39419 LOW
MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing
CVSS 3.1
CVE-2026-39421 MEDIUM
MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
CVSS 6.3
CVE-2026-39420 MEDIUM
MaxKB: Sandbox escape via LD_PRELOAD bypass
CVSS 6.3
CVE-2026-40311 MEDIUM
ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values
CVSS 5.5
CVE-2026-40158 HIGH
PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai
CVSS 8.6
CVE-2026-5911 MEDIUM
Google Chrome <147.0.7727.55 - Policy Bypass
CVSS 4.3
CVE-2026-5903 MEDIUM
Google Chrome <147.0.7727.55 - Policy Bypass
CVSS 6.5
CVE-2026-5900 MEDIUM
Google Chrome <147.0.7727.55 - Policy Bypass
CVSS 4.3
CVE-2026-5896 MEDIUM
Google Chrome <147.0.7727.55 - Policy Bypass
CVSS 6.1
CVE-2026-39888 CRITICAL
PraisonAIAgents <1.5.115 execute_code - Sandbox Escape
CVSS 9.9
CVE-2026-35408 HIGH
Directus is Missing Cross-Origin Opener Policy
CVSS 8.7
CVE-2026-34208 CRITICAL
SandboxJS: Sandbox integrity escape
CVSS 10.0
CVE-2026-34938 CRITICAL
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
CVSS 10.0
CVE-2026-34072 HIGH
cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
CVSS 8.3
CVE-2026-5276 MEDIUM
Google Chrome <146.0.7680.178 - Info Disclosure
CVSS 6.5
CVE-2026-27893 HIGH
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out
CVSS 8.8
CVE-2026-33622 HIGH
A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
CVSS 8.8
CVE-2026-33396 CRITICAL
OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe
CVSS 9.9
CVE-2026-20701 HIGH
macOS <14.8.5 - Privilege Escalation
CVSS 7.5
CVE-2026-20665 MEDIUM
Safari < 26.4 - Content Security Policy Bypass via Malicious Web Content
CVSS 6.5
CVE-2026-32947 MEDIUM
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
CVSS 4.9