CWE-830

10 CVEs classified under CWE-830. Browse by severity and year.

Top CVEs for CWE-830
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-2588 | High | 8.8 | 2023-05-22 | Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management… |
| CVE-2025-64496 | High | 7.3 | 2025-11-08 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerab… |
| CVE-2025-46652 | Medium | 6.1 | 2025-04-26 | In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark… |
| CVE-2025-43703 | Medium | 6.1 | 2025-04-16 | An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the at… |
| CVE-2025-33028 | Medium | 6.1 | 2025-04-15 | In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to… |
| CVE-2025-33027 | Medium | 6.1 | 2025-04-15 | In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protecti… |
| CVE-2025-33026 | Medium | 6.1 | 2025-04-15 | In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechani… |
| CVE-2024-35180 | Medium | 6.1 | 2024-05-21 | OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to… |
| CVE-2025-65109 | | | 2025-11-21 | Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0… |
| CVE-2021-28162 | | | 2021-03-12 | In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. |