CWE-183
30 CVEs classified under CWE-183. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-29514 | High | 8.8 | 2026-05-04 | NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authen… |
| CVE-2025-53762 | High | 8.7 | 2025-07-18 | Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-33979 | High | 8.2 | 2026-03-27 | Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross S… |
| CVE-2026-41387 | High | 7.8 | 2026-04-28 | OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts… |
| CVE-2025-59457 | High | 7.7 | 2025-09-17 | In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows |
| CVE-2026-42043 | High | 7.2 | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request… |
| CVE-2024-1654 | High | 7.2 | 2024-03-14 | This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin… |
| CVE-2025-24349 | High | 7.1 | 2025-04-30 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to delete t… |
| CVE-2026-21915 | Medium | 6.7 | 2026-04-09 | A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, hig… |
| CVE-2022-34450 | Medium | 6.7 | 2023-02-10 | PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue… |
| CVE-2023-4399 | Medium | 6.6 | 2023-10-17 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure G… |
| CVE-2026-43574 | Medium | 6.5 | 2026-05-05 | OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as exp… |
| CVE-2026-35649 | Medium | 6.5 | 2026-04-10 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty al… |
| CVE-2026-2303 | Medium | 6.5 | 2026-02-10 | The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-… |
| CVE-2026-4509 | Medium | 6.3 | 2026-03-21 | A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload… |
| CVE-2024-38522 | Medium | 6.3 | 2024-06-28 | Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` websit… |
| CVE-2026-41240 | Medium | 6.1 | 2026-04-23 | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_… |
| CVE-2022-23158 | Medium | 6.0 | 2022-04-01 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentia… |
| CVE-2026-42042 | Medium | 5.4 | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript t… |
| CVE-2026-32881 | Medium | 5.3 | 2026-03-20 | ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chun… |