CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
257 vulnerabilities with CWE-829
CVE-2025-36852
CRITICAL
Nx Remote Cache Extensions - Pull Request Cache Poisoning
CVE-2025-39507
HIGH
NasaTheme Nasa Core < 6.4.4 - PHP Local File Inclusion
CVSS 7.5
CVE-2025-20236
HIGH
Cisco Webex App - Unauthenticated Remote Code Execution via Crafted Meeting Invite Link
CVSS 8.8
CVE-2025-33027
MEDIUM
Bandisoft Bandizip <7.37 - Info Disclosure
CVSS 6.1
CVE-2025-33026
MEDIUM
PeaZip < 10.4.0 - Mark-of-the-Web Bypass via Archive Extraction
CVSS 6.1
CVE-2025-27607
HIGH
Python JSON Logger <4 Mar 2025 - RCE
CVSS 8.8
CVE-2025-24796
MEDIUM
Collabora Online <22.05.25, 23.05.1-23.05.18, 24.04.1.1-24.04.12.3 - Arbitrary Binary Execution via Macro
CVE-2025-27668
CRITICAL
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Arbitrary Content Inclusion via Iframe
CVSS 9.8
CVE-2025-27510
CRITICAL
conda-forge-metadata <= 0.4.1 - Dependency Confusion Code Execution
CVE-2025-0982
CRITICAL
Google Cloud App Integ - Sandbox Escape
CVSS 10.0
CVE-2024-32011
HIGH
Spectrum Power 4 <V4.70 SP12 Update 2 - Command Injection
CVSS 8.8
CVE-2024-52976
MEDIUM
Elastic Agent subprocess - Code Injection
CVSS 4.4
CVE-2024-45482
HIGH
B&R APROL <4.4-00P1 - Command Injection
CVE-2024-13353
HIGH
Responsive Addons for Elementor <1.6.4 - Local File Inclusion
CVSS 8.8
CVE-2024-31144
LOW
Xapi 1.249.0-1.249.36 - Unauthenticated Metadata Backup Manipulation via VDI UUID Sorting
CVSS 3.8
CVE-2024-49649
CRITICAL
Abdul Hakeem Build App Online <1.0.23 - Code Injection
CVSS 9.8
CVE-2024-56216
MEDIUM
Themify Themify Builder <7.6.3 - Code Injection
CVSS 6.5
CVE-2024-54663
HIGH
Zimbra Collaboration <10.1 - Local File Inclusion
CVSS 7.5
CVE-2024-48336
HIGH
Magisk App < canary 27007 - Privilege Escalation
CVSS 8.4
CVE-2024-50497
HIGH
BuyNowDepot Advanced Online Ordering & Delivery - Code Injection
CVSS 8.1
CVE-2024-49243
HIGH
Jon Vincent Mendoza Dynamic Elementor Addons <1.0.0 - Code Injection
CVSS 7.5
CVE-2024-30092
HIGH
Windows Hyper-V - Remote Code Execution
CVSS 8.0
CVE-2024-45416
HIGH
ZTE Routers - Remote Code Execution via HTTPD Session File Inclusion
CVSS 8.1
CVE-2024-43690
HIGH
Command Centre Server/Workstations <9.10-8.70 - RCE
CVSS 8.0
CVE-2024-8252
HIGH
Clean Login <1.14.5 - Code Injection
CVSS 8.8