CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
203 vulnerabilities with CWE-829
CVE-2026-28135: WP Royal Elementor Addons <=1.7.1049 - Auth Bypass
CVE-2026-1628 (MEDIUM, CVSS 4.6): Mattermost Desktop App <=5.13.3 - Open Redirect
CVE-2026-26862 (HIGH, CVSS 8.3): CleverTap Web SDK <1.15.2 - XSS
CVE-2026-28372 (HIGH, CVSS 7.4): GNU inetutils <=2.7 - Privilege Escalation
CVE-2026-27941 (CRITICAL, CVSS 9.9): OpenLIT <1.37.1 - Privilege Escalation
CVE-2026-27615 (HIGH, CVSS 7.8): ADB Explorer <Beta 0.9.26022 - Command Injection
CVE-2026-26974 (CRITICAL, CVSS 9.8): Slyde <=0.0.4 - Code Injection
CVE-2026-26959 (HIGH, CVSS 7.8): ADB Explorer <=0.9.26020 - Command Injection
CVE-2026-22208 (CRITICAL, CVSS 9.6): OpenS100 <753cf29 - RCE
CVE-2026-26079 (MEDIUM, CVSS 4.7): Roundcube Webmail <1.5.13 & <1.6.13 - XSS
CVE-2026-25931 (HIGH, CVSS 7.8): vscode-spell-checker <4.5.4 - Info Disclosure
CVE-2026-1699 (CRITICAL, CVSS 10.0): Eclipse Theia Website - Code Injection
CVE-2026-0770 (CRITICAL, CVSS 9.8): Langflow - RCE
CVE-2026-22865 (HIGH, CVSS 7.4): Gradle <9.3.0 - Info Disclosure
CVE-2026-22816 (HIGH, CVSS 7.4): Gradle <9.3.0 - Info Disclosure
CVE-2025-68924 (HIGH, CVSS 7.5): Umbraco UmbracoForms <8.13.16 - Authenticated RCE
CVE-2025-70974 (CRITICAL, CVSS 10.0): Fastjson <1.2.48 - JNDI Injection
CVE-2020-36924 (MEDIUM, CVSS 6.1): Sony BRAVIA Digital Signage 1.7.8 - RCE
CVE-2020-36905 (HIGH, CVSS 7.5): FIBARO System Home Center 5.021 - RCE
CVE-2025-69257 (MEDIUM, CVSS 6.7): Crates.io Theshit < 0.1.1 - Improper Access Control
CVE-2025-67842 (MEDIUM, CVSS 6.4): Mintlify Platform <2025-11-15 - XSS
CVE-2025-68162 (LOW, CVSS 2.7): JetBrains TeamCity <2025.11 - Code Injection
CVE-2025-67900 (HIGH, CVSS 8.1): NXLog Agent <6.11 - Code Injection
CVE-2025-65964 (HIGH, CVSS 8.8): n8n <1.119.1 - RCE
CVE-2025-53841 (HIGH, CVSS 7.8): Akamai Guardicore Platform Agent for Windows <49.20.1-52.2.0 - Priv...