CWE-807
High likelihood
Reliance on Untrusted Inputs in a Security Decision
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
72 vulnerabilities with CWE-807
CVE-2024-51561
HIGH
Aero - Privilege Escalation
CVSS 7.5
CVE-2024-21510
MEDIUM
Rubygems Sinatra < 4.1.0 - SSRF
CVSS 5.4
CVE-2024-5754
HIGH
BT Encryption procedure host - Info Disclosure
CVSS 8.2
CVE-2024-28829
HIGH
Checkmk <2.3.0p12-2.0.0 - Privilege Escalation
CVSS 7.8
CVE-2024-7005
MEDIUM
Google Chrome <127.0.6533.72 - Auth Bypass
CVSS 4.3
CVE-2024-29039
CRITICAL
tpm2 <5.7 - Info Disclosure
CVSS 9.0
CVE-2024-28824
HIGH
Checkmk <2.3.0b4-2.0.0 - Privilege Escalation
CVSS 8.8
CVE-2023-46686
MEDIUM
Gallagher Diagnostics Service <1.3.0 - Privilege Escalation
CVSS 5.5
CVE-2023-45128
CRITICAL
Fiber < 2.50.0 - CSRF
CVSS 10.0
CVE-2023-0009
HIGH
Paloaltonetworks Palo Alto Networks GlobalProtect - Privilege Escalation
CVSS 7.8
CVE-2022-24400
HIGH
TETRA - Privilege Escalation
CVSS 7.5
CVE-2022-20744
MEDIUM
Cisco Firepower Management Center - Info Disclosure
CVSS 6.5
CVE-2021-36777
HIGH
openSUSE Build service <dc000cdfe9b9b715fb92195b1a57559362f689ef - ...
CVSS 8.1
CVE-2021-41129
HIGH
Pterodactyl - Auth Bypass
CVSS 8.1
CVE-2021-31999
HIGH
Rancher <2.5.9, <2.4.16 - Privilege Escalation
CVSS 8.8
CVE-2021-29479
HIGH
Ratpack <1.9.0 - SSRF
CVSS 7.0
CVE-2020-5252
MEDIUM
Python - Code Injection
CVSS 5.0
CVE-2019-25711
MEDIUM
SpotFTP Password Recover 2.4.2 Denial of Service via Name Field
CVSS 6.2
CVE-2019-25621
MEDIUM
Pixel Studio 2.17 Denial of Service via Malformed Input
CVSS 6.2
CVE-2019-25594
MEDIUM
ASPRunner.NET 10.1 Denial of Service via Table Name Field
CVSS 6.2
CVE-2019-25544
MEDIUM
Pidgin 2.13.0 Denial of Service via Malformed Username
CVSS 6.2
CVE-2017-0887
MEDIUM
Nextcloud Server <9.0.55,10.0.2 - Auth Bypass
CVSS 4.3
Details
Vulnerabilities: 72
Exploit Likelihood: High