CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

257 vulnerabilities with CWE-829
CVE-2026-26862 HIGH
CleverTap Web SDK < 1.15.2 - DOM-based Cross-Site Scripting via Window PostMessage Origin Validation Bypass
CVSS 8.3
CVE-2026-28372 HIGH
GNU inetutils <=2.7 - Privilege Escalation
CVSS 7.4
CVE-2026-27941 CRITICAL
OpenLIT <1.37.1 - Privilege Escalation
CVSS 9.9
CVE-2026-27615 HIGH
ADB Explorer <Beta 0.9.26022 - Command Injection
CVSS 7.8
CVE-2026-26974 CRITICAL
Slyde < 0.0.5 - Remote Code Execution via Malicious Plugin File Import
CVSS 9.8
CVE-2026-26959 HIGH
ADB Explorer <=0.9.26020 - Command Injection
CVSS 7.8
CVE-2026-22208 CRITICAL
OpenS100 < 753cf29 - Remote Code Execution via Unrestricted Lua Standard Library Access
CVSS 9.6
CVE-2026-26079 MEDIUM
Roundcube Webmail <1.5.13 & <1.6.13 - XSS
CVSS 4.7
CVE-2026-25931 HIGH
vscode-spell-checker <4.5.4 - Info Disclosure
CVSS 7.8
CVE-2026-1699 CRITICAL
Eclipse Theia Website - Code Injection
CVSS 10.0
CVE-2026-0770 CRITICAL
Langflow validate exec_globals - Unauthenticated Root Code Execution
CVSS 9.8
CVE-2026-22865 HIGH
Gradle < 8.14.4 - Dependency Resolution Bypass via Non-Fatal Repository Exception Handling
CVSS 7.4
CVE-2026-22816 HIGH
Gradle < 8.14.4 - Dependency Resolution Bypass via Unresolvable Host Name
CVSS 7.4
CVE-2025-39666 HIGH
omd: Local privilege escalation when executing omd commands as root
CVSS 7.3
CVE-2025-15612 MEDIUM
Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
CVSS 4.8
CVE-2025-55273 MEDIUM
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability
CVSS 4.3
CVE-2025-70046 CRITICAL
Miazzy oa-front-service master - Code Injection
CVSS 9.8
CVE-2025-68924 HIGH
Umbraco UmbracoForms <8.13.16 - Authenticated RCE
CVSS 7.5
CVE-2025-70974 CRITICAL
Fastjson < 1.2.48 - Remote Code Execution via AutoType Deserialization
CVSS 10.0
CVE-2025-69257 MEDIUM
theshit < 0.1.1 - Privilege Escalation via Untrusted Configuration File Execution
CVSS 6.7
CVE-2025-67842 MEDIUM
Mintlify Platform <2025-11-15 - XSS
CVSS 6.4
CVE-2025-68162 LOW
JetBrains TeamCity <2025.11 - Code Injection
CVSS 2.7
CVE-2025-67900 HIGH
NXLog Agent < 6.11 - Untrusted Functionality Inclusion via OPENSSL_CONF Environment Variable
CVSS 8.1
CVE-2025-65964 HIGH
n8n 0.123.1-1.119.1 - Remote Code Execution via Git Hook Path Manipulation
CVSS 8.8
CVE-2025-53841 HIGH
Akamai Guardicore Platform Agent for Windows <49.20.1-52.2.0 - Priv...
CVSS 7.8