CWE-830
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-830
- CVE-2021-28162 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-03-12
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
- CVE-2023-2588 | HIGH | CVSS 8.8 | EG 8.8 | 2023-05-22
Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a …
- CVE-2024-29944 | HIGH | CVSS 8.4 | EG 8.4 | 2024-03-22
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Fi…
- CVE-2024-35180 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-05-21
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has bee…
- CVE-2024-42381 | HIGH | CVSS 8.3 | EG 8.3 | 2024-07-31
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occu…