CVEs classified under CWE-829, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-1699 — CVSS 10.0 (critical): In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while…
CVE-2025-70974 — CVSS 10.0 (critical): Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a…
CVE-2025-0982 — CVSS 10.0 (critical): Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code…
CVE-2021-41037 — CVSS 10.0 (critical): In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during…
CVE-2022-1161 — CVSS 10.0 (critical): An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix…
CVE-2020-4561 — CVSS 10.0 (critical): IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote…
CVE-2026-27941 — CVSS 9.9 (critical): OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub…
CVE-2025-70046 — CVSS 9.8 (critical): An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
CVE-2026-26974 — CVSS 9.8 (critical): Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports…
CVE-2026-0770 — CVSS 9.8 (critical): Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability…
CVE-2025-59828 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins…
CVE-2024-49649 — CVSS 9.8 (critical): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build…
CVE-2024-38476 — CVSS 9.8 (critical): Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via…
CVE-2022-24119 — CVSS 9.8 (critical): Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration…
CVE-2020-16152 — CVSS 9.8 (critical): The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows…
CVE-2021-21804 — CVSS 9.8 (critical): A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A…
CVE-2020-25414 — CVSS 9.8 (critical): A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute…
CVE-2020-3794 — CVSS 9.8 (critical): ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to…
CVE-2019-13589 — CVSS 9.8 (critical): The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current…
CVE-2018-17246 — CVSS 9.8 (critical): Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the…
CVE-2017-5397 — CVSS 9.8 (critical): The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This…
CVE-2017-1376 — CVSS 9.8 (critical): A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID…
CVE-2010-2076 — CVSS 9.8 (critical): Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry…
CVE-2004-0285 — CVSS 9.8 (critical): PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote…
CVE-2004-0030 — CVSS 9.8 (critical): PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61…
CVE-2026-5241 — CVSS 9.6 (critical): A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model…
CVE-2024-35629 — CVSS 9.6 (critical): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy…
CVE-2026-47174: In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow…
CVE-2026-47172: Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a…
CVE-2025-36852: A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as…
CVE-2026-40154 — CVSS 9.3 (critical): PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code…
CVE-2025-27510: conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency -…
CVE-2021-32802 — CVSS 9.3 (critical): Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content…
CVE-2026-40903 — CVSS 9.1 (critical): goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of…
CVE-2026-40313 — CVSS 9.1 (critical): PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a…
CVE-2025-53546 — CVSS 9.1 (critical): Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be…
CVE-2018-15486 — CVSS 9.1 (critical): An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is…
CVE-2026-46580 — CVSS 8.8 (high): In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded…
CVE-2026-44691 — CVSS 8.8 (high): In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be…
CVE-2026-44688 — CVSS 8.8 (high): In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context…
CVE-2026-53810 — CVSS 8.8 (high): OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward…
CVE-2026-43571 — CVSS 8.8 (high): OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace…
CVE-2026-43569 — CVSS 8.8 (high): OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during…
CVE-2026-6859 — CVSS 8.8 (high): A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This…
CVE-2025-65964 — CVSS 8.8 (high): n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE…
CVE-2024-32011 — CVSS 8.8 (high): A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run…