CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

230 vulnerabilities with CWE-829
CVE-2025-36852 CRITICAL
Remote Cache Extensions - RCE
CVE-2025-39507 HIGH
Nasa Core <6.3.2 - Code Injection
CVSS 7.5
CVE-2025-20236 HIGH
Cisco Webex App - Open Redirect
CVSS 8.8
CVE-2025-33027 MEDIUM
Bandisoft Bandizip <7.37 - Info Disclosure
CVSS 6.1
CVE-2025-33026 MEDIUM
PeaZip <10.4.0 - Info Disclosure
CVSS 6.1
CVE-2025-27607 HIGH
Python JSON Logger <4 Mar 2025 - RCE
CVSS 8.8
CVE-2025-24796 MEDIUM
Collabora Online - Code Injection
CVE-2025-27668 CRITICAL
Vasion Print <22.0.843 - XSS
CVSS 9.8
CVE-2025-27510 CRITICAL
conda-forge-metadata - RCE
CVE-2025-0982 CRITICAL
Google Cloud App Integ - Sandbox Escape
CVSS 10.0
CVE-2024-32011 HIGH
Spectrum Power 4 <V4.70 SP12 Update 2 - Command Injection
CVSS 8.8
CVE-2024-52976 MEDIUM
Elastic Agent subprocess - Code Injection
CVSS 4.4
CVE-2024-45482 HIGH
B&R APROL <4.4-00P1 - Command Injection
CVE-2024-13353 HIGH
Responsive Addons for Elementor <1.6.4 - Local File Inclusion
CVSS 8.8
CVE-2024-31144 LOW
Xapi - Info Disclosure
CVSS 3.8
CVE-2024-49649 CRITICAL
Abdul Hakeem Build App Online <1.0.23 - Code Injection
CVSS 9.8
CVE-2024-56216 MEDIUM
Themify Themify Builder <7.6.3 - Code Injection
CVSS 6.5
CVE-2024-54663 HIGH
Zimbra Collaboration <10.1 - Local File Inclusion
CVSS 7.5
CVE-2024-48336 HIGH
Magisk App < canary 27007 - Privilege Escalation
CVSS 8.4
CVE-2024-50497 HIGH
BuyNowDepot Advanced Online Ordering & Delivery - Code Injection
CVSS 8.1
CVE-2024-49243 HIGH
Jon Vincent Mendoza Dynamic Elementor Addons <1.0.0 - Code Injection
CVSS 7.5
CVE-2024-30092 HIGH
Windows Hyper-V < - RCE
CVSS 8.0
CVE-2024-45416 HIGH
ZTE Router - Local File Inclusion
CVSS 8.1
CVE-2024-43690 HIGH
Command Centre Server/Workstations <9.10-8.70 - RCE
CVSS 8.0
CVE-2024-8252 HIGH
Clean Login <1.14.5 - Code Injection
CVSS 8.8