CWE-155
14 CVEs classified under CWE-155. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-21646 | High | 8.1 | 2022-01-11 | SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch… |
| CVE-2024-47791 | High | 7.5 | 2024-12-06 | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and rec… |
| CVE-2025-24376 | Medium | 6.5 | 2025-01-30 | kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and Admissio… |
| CVE-2024-6509 | Medium | 6.5 | 2024-09-10 | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource… |
| CVE-2024-0055 | Medium | 6.5 | 2024-03-19 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which cou… |
| CVE-2024-0054 | Medium | 6.5 | 2024-03-19 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for f… |
| CVE-2020-1772 | Medium | 6.5 | 2020-03-27 | It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which alr… |
| CVE-2025-0681 | Medium | 6.2 | 2025-01-30 | The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tappi… |
| CVE-2019-3802 | Low | 3.5 | 2019-06-03 | This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatc… |
| CVE-2025-11757 | | | 2025-10-21 | The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should… |
| CVE-2025-4232 | | | 2025-06-12 | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrati… |
| CVE-2025-27515 | | | 2025-03-05 | Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request co… |
| CVE-2025-0106 | | | 2025-01-11 | A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. |
| CVE-2024-8688 | | | 2024-09-11 | An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators… |