CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

230 vulnerabilities with CWE-829
CVE-2019-15839 HIGH
Sina-Extension-For-Elementor <2.2.1 - Local File Inclusion
CVSS 7.5
CVE-2019-13589 CRITICAL
paranoid2 gem <1.1.6 - Code Injection
CVSS 9.8
CVE-2019-4263 MEDIUM
IBM Content Navigator <3.0CD - Local File Inclusion
CVSS 4.3
CVE-2019-11770 HIGH
Eclipse Buildship <3.1.1 - Info Disclosure
CVSS 8.1
CVE-2019-10249 HIGH
Xtext & Xtend <2.18.0 - Info Disclosure
CVSS 8.1
CVE-2019-11591 HIGH
WebDorado Contact Form <1.13.5 - CSRF
CVSS 8.8
CVE-2019-11590 HIGH
10Web Form Maker <1.13.5 - CSRF
CVSS 8.8
CVE-2019-10248 HIGH
Eclipse Vorto <0.11 - Info Disclosure
CVSS 8.1
CVE-2019-10240 HIGH
Eclipse Hawkbit < 0.2.5 - Cleartext Transmission
CVSS 8.1
CVE-2019-9829 HIGH
Maccms 10 - RCE
CVSS 8.8
CVE-2018-17246 CRITICAL
Kibana <6.4.3, 5.6.13 - Code Injection
CVSS 9.8
CVE-2018-12120 HIGH
Node.js <6.15.0 - RCE
CVSS 8.1
CVE-2018-18387 HIGH
Playsms < 1.4.2 - Privilege Escalation
CVSS 8.8
CVE-2018-15486 CRITICAL
KONE Group Controller <4.6.5 - Local File Inclusion
CVSS 9.1
CVE-2018-8351 MEDIUM
Microsoft Browser < - Info Disclosure
CVSS 6.5
CVE-2018-1000502 HIGH
MyBB Group MyBB - File Inclusion
CVSS 7.2
CVE-2018-11040 HIGH
Spring Framework <5.0.7 & <4.3.18 - XSS
CVSS 7.5
CVE-2018-1122 HIGH
procps-ng <3.3.15 - Privilege Escalation
CVSS 7.3
CVE-2018-7422 HIGH
Siteeditor Site Editor < 1.1.1 - Path Traversal
CVSS 7.5
CVE-2017-5397 CRITICAL
Firefox < 51.0.3 - Info Disclosure
CVSS 9.8
CVE-2017-14095 HIGH
Trend Micro Smart Protection Server <3.2 - RCE
CVSS 8.1
CVE-2017-1376 CRITICAL
IBM J9 VM - Privilege Escalation
CVSS 9.8
CVE-2017-6381 HIGH
Drupal < 8.2.7 - Remote Code Execution
CVSS 8.1
CVE-2013-3321 HIGH
NetApp OnCommand System Manager <2.1 - File Inclusion
CVSS 7.5
CVE-2013-4582 MEDIUM
GitLab <5.4.2, <6.2.4, <6.2.1 - Info Disclosure
CVSS 6.5