CWE-1286

87 CVEs classified under CWE-1286.

Top CVEs for CWE-1286
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-7954 | Critical | 9.8 | 2024-08-23 | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthentic… |
| CVE-2026-25513 | High | 8.8 | 2026-02-04 | FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection… |
| CVE-2025-41719 | High | 8.8 | 2025-10-22 | A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion… |
| CVE-2021-31988 | High | 8.8 | 2021-10-05 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) co… |
| CVE-2021-28812 | High | 8.8 | 2021-06-03 | A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to ex… |
| CVE-2026-50131 | High | 8.6 | 2026-06-10 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg… |
| CVE-2026-6442 | High | 8.3 | 2026-04-16 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attac… |
| CVE-2024-26507 | High | 7.8 | 2024-06-10 | An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileg… |
| CVE-2026-48059 | High | 7.5 | 2026-06-12 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY p… |
| CVE-2025-8873 | High | 7.5 | 2026-06-04 | On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The co… |
| CVE-2026-7307 | High | 7.5 | 2026-05-19 | A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoi… |
| CVE-2026-42579 | High | 7.5 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 doma… |
| CVE-2026-6918 | High | 7.5 | 2026-05-05 | In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. |
| CVE-2026-40198 | High | 7.5 | 2026-04-10 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed… |
| CVE-2026-33778 | High | 7.5 | 2026-04-09 | An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series an… |
| CVE-2026-33218 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connec… |
| CVE-2026-27889 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.1… |
| CVE-2026-25679 | High | 7.5 | 2026-03-06 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. |
| CVE-2025-13878 | High | 7.5 | 2026-01-21 | Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9… |
| CVE-2026-21917 | High | 7.5 | 2026-01-15 | An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthe… |