CWE-1287
141 CVEs classified under CWE-1287. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-51551 | Critical | 10.0 | 2024-12-05 | Default Credential vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPE… |
| CVE-2024-51550 | Critical | 10.0 | 2024-12-05 | Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: … |
| CVE-2024-6298 | Critical | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to execute arb… |
| CVE-2021-43802 | Critical | 9.9 | 2021-12-09 | Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the atta… |
| CVE-2024-4879 | Critical | 9.8 | 2024-07-10 | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could e… |
| CVE-2021-32024 | Critical | 9.8 | 2021-12-13 | A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in… |
| CVE-2026-24307 | Critical | 9.3 | 2026-01-22 | Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-12977 | Critical | 9.1 | 2025-11-24 | Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write reco… |
| CVE-2024-5594 | Critical | 9.1 | 2025-01-06 | OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending… |
| CVE-2024-35213 | Critical | 9.0 | 2024-06-11 | An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial… |
| CVE-2026-26115 | High | 8.8 | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-2004 | High | 8.8 | 2026-02-12 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the o… |
| CVE-2024-20494 | High | 8.6 | 2024-10-23 | A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software cou… |
| CVE-2025-20251 | High | 8.5 | 2025-08-14 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defe… |
| CVE-2025-46342 | High | 8.5 | 2025-04-30 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using nam… |
| CVE-2026-40851 | High | 8.4 | 2026-05-27 | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick leading to code execution. This can result in a t… |
| CVE-2023-28799 | High | 8.2 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user aft… |
| CVE-2026-44249 | High | 8.1 | 2026-06-11 | Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an… |
| CVE-2026-9753 | High | 8.1 | 2026-06-09 | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bou… |
| CVE-2025-42929 | High | 8.1 | 2025-09-09 | Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables ar… |