VYPR

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Abstraction: Base · Status: Incomplete

Description

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-175 · CAPEC-201 · CAPEC-228 · CAPEC-251 · CAPEC-252 · CAPEC-253 · CAPEC-263 · CAPEC-538 · CAPEC-549 · CAPEC-640 · CAPEC-660 · CAPEC-695 · CAPEC-698

CVEs mapped to this weakness (143), page 4 of 8
  • CVE-2026-43571 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust…

  • CVE-2026-43569 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are…

  • CVE-2026-42089 · High · Jun 16, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream…

  • CVE-2026-8879 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all…

  • CVE-2020-36905 · High · Jan 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user…

  • CVE-2025-27582 · High · Jul 14, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the…

  • CVE-2025-39507 · High · May 16, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through < 6.4.4.

  • CVE-2024-48336 · High · Nov 4, 2024
    risk 0.49 · cvss 8.4 · epss 0.01

    The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges…

  • CVE-2024-49243 · High · Oct 18, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local File Inclusion. This issue affects Dynamic Elementor Addons: from n/a through <=…

  • CVE-2024-3043 · High · Jun 27, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.

  • CVE-2026-46529 · High · Jun 10, 2026
    risk 0.48 · cvss: not listed · epss 0.01

    Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into…

  • CVE-2026-43940 · High · May 8, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user-supplied widget identifiers without any…

  • CVE-2026-32920 · High · Mar 31, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute…

  • CVE-2018-1000502 · High · Jun 26, 2018
    risk 0.47 · cvss 7.2 · epss 0.01

    MyBB Group MyBB contains a File Inclusion vulnerability in the Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appears to be…

  • CVE-2026-11269 · High · Jun 5, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-44358 · High · May 28, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path…

  • CVE-2026-43003 · High · May 1, 2026
    risk 0.45 · cvss 8.0 · epss 0.01

    An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.

  • CVE-2026-52858 · High · Jun 11, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and…

  • CVE-2026-41396 · High · Apr 28, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin…

  • CVE-2026-41336 · High · Apr 23, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.