CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
230 vulnerabilities with CWE-829
CVE-2023-36609 | HIGH | TBox RTUs - Privilege Escalation | CVSS 7.2
CVE-2023-2249 | HIGH | Gvectors Wpforo Forum < 2.1.7 - SSRF | CVSS 8.8
CVE-2023-2551 | HIGH | unilogies/bumsys <2.1.1 - RCE | CVSS 8.8
CVE-2023-26053 | MEDIUM | Gradle - Info Disclosure | CVSS 6.6
CVE-2023-21440 | MEDIUM | Samsung Android - Improper Authorization | CVSS 6.2
CVE-2022-49038 | HIGH | Synology Drive Client <3.3.0-15082 - RCE | CVSS 7.8
CVE-2022-31021 | LOW | Ursa - Info Disclosure | CVSS 3.3
CVE-2022-46302 | HIGH | Apache - Remote Code Execution | CVSS 8.8
CVE-2022-30037 | HIGH | XunRuiCMS <4.5.1 - RCE | CVSS 7.2
CVE-2022-4134 | LOW | openstack-glance - Privilege Escalation | CVSS 2.8
CVE-2022-41216 | HIGH | Cloudflow - Info Disclosure | CVSS 8.3
CVE-2022-24119 | CRITICAL | General Electric Renewable Energy <8.3.0 - Unauthenticated RCE | CVSS 9.8
CVE-2022-34468 | HIGH | Firefox <102 - XSS | CVSS 8.8
CVE-2022-41709 | HIGH | Markdownify <1.4.1 - RCE | CVSS 7.8
CVE-2022-22246 | HIGH | Juniper Networks Junos OS <19.1R3-S9, <19.2R3-S6, <19.3 - LFI | CVSS 7.5
CVE-2022-37191 | MEDIUM | CuppaCMS v1.0 - Path Traversal | CVSS 6.5
CVE-2022-34121 | HIGH | Cuppa CMS v1.0 - Local File Inclusion | CVSS 7.5
CVE-2022-33317 | HIGH | Mitsubishi Electric GENESIS64 <10.97.1 - Code Injection | CVSS 7.8
CVE-2022-30244 | HIGH | Honeywell Alerton Ascent Control Module (ACM) - Code Injection | CVSS 8.0
CVE-2022-30243 | HIGH | Honeywell Alerton Visual Logic - Code Injection | CVSS 8.8
CVE-2022-31156 | MEDIUM | Gradle <7.4.2 - Info Disclosure | CVSS 6.6
CVE-2022-29845 | MEDIUM | Ipswitch WhatsUp Gold <22.0.0 - Info Disclosure | CVSS 6.5
CVE-2022-24824 | MEDIUM | Discourse - Info Disclosure | CVSS 5.3
CVE-2022-1161 | CRITICAL | ControlLogix, CompactLogix, GuardLogix - Code Injection | CVSS 10.0
CVE-2022-25486 | HIGH | CuppaCMS v1.0 - Local File Inclusion | CVSS 7.8