CWE-1286
87 CVEs classified under CWE-1286. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-7954 | Critical | 9.8 | 2024-08-23 | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthentic… |
| CVE-2026-25513 | High | 8.8 | 2026-02-04 | FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection… |
| CVE-2025-41719 | High | 8.8 | 2025-10-22 | A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion… |
| CVE-2021-31988 | High | 8.8 | 2021-10-05 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) co… |
| CVE-2021-28812 | High | 8.8 | 2021-06-03 | A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to ex… |
| CVE-2026-50131 | High | 8.6 | 2026-06-10 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg… |
| CVE-2026-6442 | High | 8.3 | 2026-04-16 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attac… |
| CVE-2024-26507 | High | 7.8 | 2024-06-10 | An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileg… |
| CVE-2026-48059 | High | 7.5 | 2026-06-12 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY p… |
| CVE-2025-8873 | High | 7.5 | 2026-06-04 | On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The co… |
| CVE-2026-7307 | High | 7.5 | 2026-05-19 | A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoi… |
| CVE-2026-42579 | High | 7.5 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 doma… |
| CVE-2026-6918 | High | 7.5 | 2026-05-05 | In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. |
| CVE-2026-40198 | High | 7.5 | 2026-04-10 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed… |
| CVE-2026-33778 | High | 7.5 | 2026-04-09 | An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series an… |
| CVE-2026-33218 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connec… |
| CVE-2026-27889 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.1… |
| CVE-2026-25679 | High | 7.5 | 2026-03-06 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. |
| CVE-2025-13878 | High | 7.5 | 2026-01-21 | Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9… |
| CVE-2026-21917 | High | 7.5 | 2026-01-15 | An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthe… |