CWE-253
20 CVEs classified under CWE-253. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4501 | Critical | 9.8 | 2023-09-12 | User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enter… |
| CVE-2017-7474 | Critical | 9.8 | 2017-05-12 | It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and… |
| CVE-2023-49286 | High | 8.6 | 2023-12-04 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Den… |
| CVE-2026-35091 | High | 8.2 | 2026-04-01 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity c… |
| CVE-2026-0648 | High | 7.8 | 2026-01-27 | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) wh… |
| CVE-2026-46419 | High | 7.5 | 2026-05-14 | Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to im… |
| CVE-2025-57767 | High | 7.5 | 2025-08-28 | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an… |
| CVE-2024-43521 | High | 7.5 | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-32475 | High | 7.5 | 2024-04-18 | Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:auth… |
| CVE-2024-1622 | High | 7.5 | 2024-02-26 | Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. |
| CVE-2021-37625 | High | 7.5 | 2021-08-05 | Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socke… |
| CVE-2023-24487 | Medium | 6.3 | 2023-07-10 | Arbitrary file read in Citrix ADC and Citrix Gateway |
| CVE-2026-35340 | Medium | 5.5 | 2026-04-22 | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The fin… |
| CVE-2026-35339 | Medium | 5.5 | 2026-04-22 | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is deter… |
| CVE-2023-34449 | Medium | 5.3 | 2023-06-14 | ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and p… |
| CVE-2022-24880 | Medium | 5.3 | 2022-04-25 | flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1… |
| CVE-2020-6107 | Medium | 4.4 | 2020-10-15 | An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can… |
| CVE-2026-43863 | Low | 3.7 | 2026-05-04 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. |
| CVE-2025-11839 | Low | 3.3 | 2025-10-16 | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchec… |
| CVE-2025-54090 | | | 2025-07-23 | A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, whi… |