CWE-1287

141 CVEs classified under CWE-1287. Browse by severity and year.

Top CVEs for CWE-1287
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-51551 | Critical | 10.0 | 2024-12-05 | Default Credential vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPE… |
| CVE-2024-51550 | Critical | 10.0 | 2024-12-05 | Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: … |
| CVE-2024-6298 | Critical | 10.0 | 2024-07-05 | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to execute arb… |
| CVE-2021-43802 | Critical | 9.9 | 2021-12-09 | Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the atta… |
| CVE-2024-4879 | Critical | 9.8 | 2024-07-10 | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could e… |
| CVE-2021-32024 | Critical | 9.8 | 2021-12-13 | A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in… |
| CVE-2026-24307 | Critical | 9.3 | 2026-01-22 | Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-12977 | Critical | 9.1 | 2025-11-24 | Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write reco… |
| CVE-2024-5594 | Critical | 9.1 | 2025-01-06 | OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending… |
| CVE-2024-35213 | Critical | 9.0 | 2024-06-11 | An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial… |
| CVE-2026-26115 | High | 8.8 | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-2004 | High | 8.8 | 2026-02-12 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the o… |
| CVE-2024-20494 | High | 8.6 | 2024-10-23 | A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software cou… |
| CVE-2025-20251 | High | 8.5 | 2025-08-14 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defe… |
| CVE-2025-46342 | High | 8.5 | 2025-04-30 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using nam… |
| CVE-2026-40851 | High | 8.4 | 2026-05-27 | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick leading to code execution. This can result in a t… |
| CVE-2023-28799 | High | 8.2 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user aft… |
| CVE-2026-44249 | High | 8.1 | 2026-06-11 | Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an… |
| CVE-2026-9753 | High | 8.1 | 2026-06-09 | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bou… |
| CVE-2025-42929 | High | 8.1 | 2025-09-09 | Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables ar… |