CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
230 vulnerabilities with CWE-829
CVE-2025-66022
CRITICAL
FACTION <1.7.1 - RCE
CVSS 9.6
CVE-2025-33205
HIGH
NVIDIA NeMo - Code Execution
CVSS 7.3
CVE-2025-64496
HIGH
Openwebui Open Webui < 0.6.35 - Remote Code Execution
CVSS 7.3
CVE-2025-12509
HIGH
BRAIN2 - Privilege Escalation
CVSS 8.4
CVE-2025-62726
HIGH
N8n < 1.113.0 - Remote Code Execution
CVSS 8.8
CVE-2025-11023
CRITICAL
AcBakImzala <5.1.4 - Code Injection
CVSS 9.8
CVE-2025-41390
HIGH
Truffle Security Co. TruffleHog <3.90.2 - RCE
CVSS 7.8
CVE-2025-52655
LOW
HCL MyXalytics <6.6 - Code Injection
CVSS 3.1
CVE-2025-62186
MEDIUM
Ankiect's Anki <25.02.5 - Command Injection
CVSS 6.7
CVE-2025-36355
HIGH
IBM Security Verify Access <11.0.2 - RCE
CVSS 8.5
CVE-2025-61592
HIGH
Cursor <1.7 - RCE
CVSS 8.8
CVE-2025-59828
CRITICAL
Anthropic Claude Code < 1.0.39 - Missing Authorization
CVSS 9.8
CVE-2025-59535
MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - Information Disclosure
CVSS 6.5
CVE-2025-55305
MEDIUM
Electron <38.0.0-beta.6 - ASAR Integrity Bypass
CVSS 6.1
CVE-2025-57729
MEDIUM
JetBrains IntelliJ IDEA <2025.2 - DoS
CVSS 6.5
CVE-2025-8714
HIGH
PostgreSQL <17.6, <16.10, <15.14, <14.19, <13.22 - Code Injection
CVSS 8.8
CVE-2025-54135
HIGH
Cursor <1.3.9 - Code Injection
CVSS 8.5
CVE-2025-36727
HIGH
Simplehelp <5.5.12 - Info Disclosure
CVSS 8.3
CVE-2025-54558
MEDIUM
OpenAI Codex CLI <0.9.0 - Code Injection
CVSS 4.1
CVE-2025-27582
HIGH
One Identity Password Manager <5.14.4 - Privilege Escalation
CVSS 7.6
CVE-2025-53546
CRITICAL
Folo - Code Injection
CVSS 9.1
CVE-2025-49809
HIGH
mtr <0.95 - Privilege Escalation
CVSS 7.8
CVE-2025-34074
CRITICAL
Lucee - RCE
CVE-2025-34060
CRITICAL
Monero Project's Laravel-based forum < - Code Injection
CVE-2025-32463
CRITICAL
KEV
Sudo <1.9.17p1 - Privilege Escalation
CVSS 9.3