CWE-1288
19 CVEs classified under CWE-1288. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-39353 | Critical | 9.4 | 2022-11-02 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because… |
CVE-2024-25951 | High | 8.0 | 2024-03-09 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. |
CVE-2022-50976 | High | 7.7 | 2026-02-02 | A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. |
CVE-2024-39515 | High | 7.5 | 2024-10-09 | An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows… |
CVE-2023-6245 | High | 7.5 | 2023-12-08 | The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { *… |
CVE-2024-31136 | High | 7.4 | 2024-03-28 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
CVE-2023-32701 | High | 7.1 | 2023-11-14 | Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure o… |
CVE-2024-12093 | Medium | 6.8 | 2025-05-22 | An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath vali… |
CVE-2024-8305 | Medium | 6.5 | 2024-10-21 | prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple… |
CVE-2024-5953 | Medium | 5.7 | 2024-06-18 | A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service whil… |
CVE-2023-1620 | Medium | 4.9 | 2023-06-26 | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted… |
CVE-2023-1619 | Medium | 4.9 | 2023-06-26 | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. |
CVE-2026-9689 | Medium | 4.2 | 2026-05-27 | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform… |
CVE-2025-46722 | Medium | 4.2 | 2025-05-29 | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.p… |
CVE-2024-31140 | Medium | 4.1 | 2024-03-28 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools |
CVE-2025-10929 | | | 2025-10-29 | Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects R… |
CVE-2025-9999 | | | 2025-09-05 | Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an atta… |
CVE-2025-2885 | | | 2025-03-27 | Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended versio… |
CVE-2021-41531 | | | 2021-09-21 | NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to… |