CWE-830
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-830
- CVE-2021-28162 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-03-12
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
- CVE-2023-2588 | HIGH | CVSS 8.8 | EG 8.8 | 2023-05-22
Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a …
- CVE-2024-29944 | HIGH | CVSS 8.4 | EG 8.4 | 2024-03-22
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Fi…
- CVE-2024-35180 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-05-21
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has bee…
- CVE-2024-42381 | HIGH | CVSS 8.3 | EG 8.3 | 2024-07-31
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occu…
- CVE-2025-33026 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-04-15
In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit …
- CVE-2025-33027 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-04-15
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required…
- CVE-2025-33028 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-04-15
In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Win…
- CVE-2025-43703 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-04-16
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the…
- CVE-2025-46652 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-04-26
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed bec…
- CVE-2025-64496 | HIGH | CVSS 7.3 | EG 7.3 | 2025-11-08
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model ser…
- CVE-2025-65109 | HIGH | CVSS 8.5 | EG 0.0 | 2025-11-21
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which ma…