CWE-807
Reliance on Untrusted Inputs in a Security Decision
Description
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Hierarchy (View 1000)
CVEs mapped to this weakness (52)
page 3 of 3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29794 | — | 0.00 | — | 0.00 | Mar 20, 2026 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the `X-Forwarded-For` or `X-Real-IP` headers due to the rate-limit… | ||
| CVE-2026-33068 | 0.00 | — | 0.00 | Mar 20, 2026 | Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set… | |||
| CVE-2026-32029 | 0.00 | — | 0.00 | Mar 19, 2026 | OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject… | |||
| CVE-2026-29610 | 0.00 | — | 0.00 | Mar 5, 2026 | OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to… | |||
| CVE-2026-25958 | 0.00 | — | 0.00 | Feb 9, 2026 | Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14. | |||
| CVE-2025-66507 | 0.00 | — | 0.00 | Dec 9, 2025 | 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper… | |||
| CVE-2021-41129 | 0.00 | — | 0.02 | Oct 6, 2021 | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In… | |||
| CVE-2021-31999 | 0.00 | — | 0.01 | Jul 15, 2021 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher… | |||
| CVE-2021-29479 | 0.00 | — | 0.01 | Jun 29, 2021 | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key.… | |||
| CVE-2017-18915 | — | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | ||
| CVE-2020-5252 | 0.00 | — | 0.00 | Mar 23, 2020 | The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages.… | |||
| CVE-2019-10844 | 0.00 | — | 0.02 | Apr 4, 2019 | nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. |
- CVE-2026-29794Mar 20, 2026risk 0.00cvss —epss 0.00
Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the `X-Forwarded-For` or `X-Real-IP` headers due to the rate-limit…
- CVE-2026-33068Mar 20, 2026risk 0.00cvss —epss 0.00
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set…
- CVE-2026-32029Mar 19, 2026risk 0.00cvss —epss 0.00
OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject…
- CVE-2026-29610Mar 5, 2026risk 0.00cvss —epss 0.00
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to…
- CVE-2026-25958Feb 9, 2026risk 0.00cvss —epss 0.00
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.
- CVE-2025-66507Dec 9, 2025risk 0.00cvss —epss 0.00
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper…
- CVE-2021-41129Oct 6, 2021risk 0.00cvss —epss 0.02
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In…
- CVE-2021-31999Jul 15, 2021risk 0.00cvss —epss 0.01
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher…
- CVE-2021-29479Jun 29, 2021risk 0.00cvss —epss 0.01
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key.…
- CVE-2017-18915Jun 19, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
- CVE-2020-5252Mar 23, 2020risk 0.00cvss —epss 0.00
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages.…
- CVE-2019-10844Apr 4, 2019risk 0.00cvss —epss 0.02
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.