CWE-1104

Use of Unmaintained Third Party Components

Base · Incomplete

Description

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (10)

  • CVE-2025-40906 · Critical · May 16, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of…

  • CVE-2026-41468 · High · Apr 22, 2026
    risk 0.57 · cvss 8.7 · epss 0.00

    Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary…

  • CVE-2025-3497 · High · Jul 9, 2025
    risk 0.57 · cvss 8.7 · epss 0.00

    The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product.

  • CVE-2024-11999 · High · Dec 17, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.

  • CVE-2024-8885 · High · Oct 2, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.

  • CVE-2026-21821 · High · May 13, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk…

  • CVE-2025-20010 · High · Nov 11, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack…

  • CVE-2025-48862 · High · Aug 14, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains…

  • CVE-2024-35252 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.02

    Azure Storage Movement Client Library Denial of Service Vulnerability

  • CVE-2024-21631 · Jan 3, 2024
    risk 0.00 · cvss · epss 0.01

    Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly…