Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-807

CWE-807

High likelihood

Reliance on Untrusted Inputs in a Security Decision

Parent: CWE-693 - Protection Mechanism Failure

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

76 vulnerabilities with CWE-807

CVE-2026-21509 HIGH KEV

Microsoft 365 Apps and Office - Security Feature Bypass via Untrusted Input

CVE-2026-23848 MEDIUM

MyTube < 1.7.71 - Unauthenticated Rate Limit Bypass via X-Forwarded-For Header Spoofing

CVE-2026-20849 HIGH

Windows Kerberos - Privilege Escalation

CVE-2025-13926 CRITICAL

Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision

CVE-2025-65328 MEDIUM

mega-fence < 25.1.914 - IP Spoofing via X-Forwarded-For Header

CVE-2025-66507 HIGH

1Panel < 2.0.14 - Unauthenticated CAPTCHA Bypass via Client-Controlled Parameter

CVE-2025-66577 MEDIUM

cpp-httplib <0.27.0 - Log Poisoning

CVE-2025-66570 CRITICAL

cpp-httplib <0.27.0 - Info Disclosure

CVE-2025-10161 HIGH

Turkguven Software Technologies Inc. Perfektive <12574.2701 - Auth ...

CVE-2025-12488 CRITICAL

oobabooga text-generation-webui - RCE

CVE-2025-12487 CRITICAL

oobabooga text-generation-webui - RCE

CVE-2025-11271 MEDIUM

Easy Digital Downloads <3.5.2 - Order Manipulation

CVE-2025-53717 HIGH

Windows VBS Enclave - Privilege Escalation

CVE-2025-59152 HIGH

Litestar 2.17.0 - Rate Limit Bypass via X-Forwarded-For Header Manipulation

CVE-2025-55736 MEDIUM

flaskBlog <2.8.0 - Privilege Escalation

CVE-2025-55735 MEDIUM

FlaskBlog < 2.8.0 - Stored Cross-Site Scripting via Post Content

CVE-2025-53882 MEDIUM

openSUSE mailman3 logrotate - Arbitrary Process Signal

CVE-2025-49827 CRITICAL

Conjur 1.19.5-1.22.0 and 13.1-13.5 - IAM Authenticator Bypass via Malformed Regular Expression

CVE-2025-0117 HIGH

GlobalProtect <unknown - Privilege Escalation

CVE-2025-1969 MEDIUM

AWS TEAM for IAM Identity Center < 1.2.2 - Request Spoofing via Input Validation Bypass

CVE-2025-1126 CRITICAL

Lexmark Print Management Client - RCE

CVE-2025-24369 LOW

Anubis < v1.11.0-37 - Client-Specified Difficulty Bot Protection Bypass

CVE-2024-13974 HIGH

Sophos Firewall < 21.0.1 - Remote Code Execution via Up2Date DNS Control

CVE-2024-55354 HIGH

Lucee <5.4.7.3 LTS & 6 <6.1.1.118 - Code Injection

CVE-2024-52327 MEDIUM

ECOVACS Home < 3.0.2 - Authenticated PIN Bypass for Live Video Feed Access

Previous Page 2 of 4 Next

Details

Vulnerabilities 76

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy