CWE-233
22 CVEs classified under CWE-233.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-0269 | High | 8.8 | 2021-04-22 | The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions aga… |
| CVE-2021-1230 | High | 8.6 | 2021-02-24 | A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow… |
| CVE-2026-2370 | High | 8.1 | 2026-03-29 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Conn… |
| CVE-2025-52970 | High | 7.7 | 2025-08-12 | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may… |
| CVE-2023-20076 | High | 7.2 | 2023-02-12 | A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the und… |
| CVE-2022-22792 | Medium | 6.6 | 2022-02-16 | MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password i… |
| CVE-2021-45478 | Medium | 6.5 | 2023-03-02 | Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issu… |
| CVE-2021-45477 | Medium | 6.5 | 2023-03-02 | Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issu… |
| CVE-2018-25233 | Medium | 6.2 | 2026-03-30 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in… |
| CVE-2024-20306 | Medium | 6.0 | 2024-03-27 | A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrar… |
| CVE-2023-1419 | Medium | 5.9 | 2024-11-17 | A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacke… |
| CVE-2024-25979 | Medium | 5.3 | 2024-02-19 | The URL parameters accepted by forum search were not limited to the allowed parameters. |
| CVE-2023-28898 | Medium | 5.3 | 2024-01-12 | The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals zero. This… |
| CVE-2022-32261 | Medium | 5.3 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT upda… |
| CVE-2020-10069 | Medium | 4.3 | 2021-05-24 | Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). F… |
| CVE-2026-33585 | Low | 3.8 | 2026-05-13 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenan… |
| CVE-2026-32998 | | | 2026-05-28 | This vulnerability in Veeam Service Provider Console allows for remote code execution. |
| CVE-2023-20514 | | | 2026-02-11 | Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trust… |
| CVE-2025-55080 | | | 2025-10-15 | In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary… |
| CVE-2025-55078 | | | 2025-10-14 | In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vuln… |