VYPR

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

BaseIncomplete

Description

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-175 · CAPEC-201 · CAPEC-228 · CAPEC-251 · CAPEC-252 · CAPEC-253 · CAPEC-263 · CAPEC-538 · CAPEC-549 · CAPEC-640 · CAPEC-660 · CAPEC-695 · CAPEC-698

CVEs mapped to this weakness (143)

page 2 of 8
  • CVE-2025-8714HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.01

    Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. …

  • CVE-2024-12215HigMar 20, 2025
    risk 0.57cvss 8.8epss 0.01

    In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to…

  • CVE-2018-7422HigMar 19, 2018
    risk 0.57cvss 7.5epss 0.63

    A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.

  • CVE-2017-14095HigJan 19, 2018
    risk 0.57cvss 8.1epss 0.13

    A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.

  • CVE-2026-12057HigJun 15, 2026
    risk 0.56cvss 8.6epss 0.00

    When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

  • CVE-2026-48124HigJun 15, 2026
    risk 0.55cvss epss 0.00

    Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could…

  • CVE-2026-5241CriJun 3, 2026
    risk 0.55cvss 9.6epss 0.00

    A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent…

  • CVE-2026-7373HigMay 15, 2026
    risk 0.55cvss epss 0.00

    Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL…

  • CVE-2026-44336CriMay 8, 2026
    risk 0.55cvss 9.6epss 0.01

    PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and…

  • CVE-2026-43944CriMay 8, 2026
    risk 0.55cvss 9.6epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted…

  • CVE-2026-1342HigApr 8, 2026
    risk 0.55cvss 8.5epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute…

  • CVE-2025-12509HigOct 31, 2025
    risk 0.55cvss 8.4epss 0.00

    On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.

  • CVE-2024-45482HigMar 25, 2025
    risk 0.55cvss epss 0.00

    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands.

  • CVE-2026-5843HigMay 22, 2026
    risk 0.53cvss 8.2epss 0.00

    The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file…

  • CVE-2026-5817HigMay 22, 2026
    risk 0.53cvss 8.2epss 0.00

    The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included…

  • CVE-2026-40959CriApr 16, 2026
    risk 0.53cvss 9.3epss 0.00

    Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.

  • CVE-2026-40154CriApr 9, 2026
    risk 0.53cvss 9.3epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This…

  • CVE-2026-28135HigMar 5, 2026
    risk 0.53cvss 8.2epss 0.00

    Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1052.

  • CVE-2025-67900HigDec 14, 2025
    risk 0.53cvss 8.1epss 0.00

    NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

  • CVE-2024-50497HigOct 28, 2024
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local File Inclusion.This issue affects…