CWE-283
22 CVEs classified under CWE-283. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-43882 | High | 7.8 | 2025-08-27 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this… |
| CVE-2026-4269 | High | 7.5 | 2026-03-16 | A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build pr… |
| CVE-2025-47940 | High | 7.2 | 2025-05-20 | TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and… |
| CVE-2026-44707 | Medium | 6.8 | 2026-05-26 | Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow… |
| CVE-2026-44562 | Medium | 6.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allo… |
| CVE-2022-29220 | Medium | 6.5 | 2022-05-31 | github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-… |
| CVE-2020-8554 | Medium | 6.3 | 2021-01-21 | Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to t… |
| CVE-2025-9822 | Medium | 5.5 | 2025-09-03 | Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An a… |
| CVE-2024-1853 | Medium | 5.5 | 2024-03-14 | Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and za… |
| CVE-2026-40337 | Medium | 5.1 | 2026-04-18 | The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capabili… |
| CVE-2025-12815 | Medium | 4.3 | 2025-11-06 | An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an aut… |
| CVE-2025-36091 | Medium | 4.3 | 2025-11-03 | IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate use… |
| CVE-2026-0598 | Medium | 4.2 | 2026-02-06 | A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a… |
| CVE-2023-30544 | Low | 3.9 | 2023-04-24 | Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile… |
| CVE-2023-6068 | Low | 3.1 | 2024-03-04 | On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the c… |
| CVE-2026-29788 | | | 2026-03-06 | TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Pr… |
| CVE-2026-27486 | | | 2026-02-21 | OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern… |
| CVE-2026-26016 | | | 2026-02-19 | Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in… |
| CVE-2025-1007 | | | 2025-02-19 | In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a name… |
| CVE-2024-27903 | | | 2024-07-08 | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can… |