CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

257 vulnerabilities with CWE-829
CVE ID          Severity  CVSS  Title
CVE-2024-5762   HIGH      8.1   Zen Cart - Unauthenticated Local File Inclusion and Remote Code Execution via findPluginAdminPage
CVE-2024-4359   MEDIUM    6.5   Elementor Addons <5.7.2 - Info Disclosure
CVE-2024-29073  MEDIUM    5.3   Anki < 24.6 - Arbitrary File Read via Latex Verbatim Package
CVE-2024-38537  NONE      n/a   Fides < 2.39.1 - Untrusted Script Execution via polyfill.io Dependency
CVE-2024-38476  CRITICAL  9.8   Apache HTTP Server <2.4.60 - Info Disclosure/SSRF
CVE-2024-3043   HIGH      7.5   Ember ZNet SDK < 8.0.0 - Unauthenticated Denial of Service via IEEE 802.15.4 Co-ordinator Realignment Packet
CVE-2024-5693   MEDIUM    6.1   Firefox < 127 and ESR < 115.12 - Same-Origin Policy Bypass via Offscreen Canvas
CVE-2024-35650  MEDIUM    4.9   MelaPress Login Security <= 1.3.0 - Remote File Inclusion
CVE-2024-35629  CRITICAL  9.6   Wow-Company Easy Digital Downloads - Recent Purchases <1.0.2 - Code...
CVE-2024-28184  HIGH      7.4   WeasyPrint <61.2 - File/URL Injection
CVE-2024-24821  HIGH      8.8   Composer 2.0.0-2.2.23 - Local Privilege Escalation via Tampered Local Files
CVE-2023-49134  HIGH      8.1   TP-Link EAP225 and EAP115 Firmware - Unauthenticated Remote Code Execution via tddpd enable_test_mode
CVE-2023-49133  HIGH      8.1   TP-Link EAP225 and EAP115 Firmware - Unauthenticated Remote Code Execution via tddpd enable_test_mode
CVE-2023-6971   HIGH      8.1   WordPress Backup Migration <1.3.9 - RCE
CVE-2023-4591   HIGH      7.5   WPN-XM Serverstack 0.8.6 - Local File Inclusion via page Parameter
CVE-2023-45798  HIGH      8.4   Yettiesoft VestCert 2.3.6-2.5.29 - Remote Code Execution via Third-Party Module Loading
CVE-2023-33559  HIGH      8.8   OcoMon < 4.0.1 - Local File Inclusion via Lang Parameter
CVE-2023-5523   HIGH      8.6   M-Files Web Companion < 23.10 and < 23.8 LTS SR1 - Remote Code Execution via Downloaded Content Execution
CVE-2023-4488   CRITICAL  9.8   Dropbox Folder Share for WordPress <=1.9.7 - Local File Inclusion
CVE-2023-0625   HIGH      8.0   Docker Desktop < 4.12.0 - Remote Code Execution via Extension Description or Changelog
CVE-2023-41267  HIGH      7.8   Apache Airflow HDFS Provider <4.1.1 - Info Disclosure
CVE-2023-2453   HIGH      8.8   phpfusion < 9.10.30 - Remote Code Execution via Unsanitized File Path in require_once
CVE-2023-31170  MEDIUM    5.9   Schweitzer Engineering Laboratories SEL-5030 - Code Injection
CVE-2023-31168  MEDIUM    5.5   SEL-5030 acSELerator QuickSet Software <7.1.3.0 - Code Injection
CVE-2023-40195  HIGH      8.8   Apache Airflow Spark Provider < 4.1.3 - Authenticated Remote Code Execution via Malicious Spark Server