CWE-15
61 CVEs classified under CWE-15. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45087 | Critical | 10.0 | 2026-05-27 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server)… |
CVE-2024-4326 | Critical | 9.8 | 2024-05-16 | A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protec… |
CVE-2024-39800 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A special… |
CVE-2024-39799 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A special… |
CVE-2024-39798 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A special… |
CVE-2024-38666 | Critical | 9.1 | 2025-01-14 | An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craft… |
CVE-2024-39602 | Critical | 9.1 | 2025-01-14 | An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request c… |
CVE-2024-39795 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted… |
CVE-2024-39794 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted… |
CVE-2024-39793 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted… |
CVE-2024-39280 | Critical | 9.1 | 2025-01-14 | An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP reque… |
CVE-2024-39790 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
CVE-2024-39789 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
CVE-2024-39788 | Critical | 9.1 | 2025-01-14 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTT… |
CVE-2023-46248 | Critical | 9.1 | 2023-10-31 | Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution u… |
CVE-2021-38453 | Critical | 9.1 | 2021-10-22 | Some API functions allow interaction with the registry, which includes reading values as well as data modification. |
CVE-2026-1784 | High | 8.8 | 2026-06-02 | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec… |
CVE-2026-41489 | High | 8.8 | 2026-05-11 | Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1… |
CVE-2024-10979 | High | 8.8 | 2024-11-14 | Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. P… |
CVE-2023-4704 | High | 8.8 | 2023-09-01 | External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. |