CWE-349
32 CVEs classified under CWE-349. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42960 | Critical | 10.0 | 2026-05-20 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that com… |
CVE-2024-25638 | High | 8.9 | 2024-07-22 | dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs… |
CVE-2025-40778 | High | 8.6 | 2025-10-22 | Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue aff… |
CVE-2025-40776 | High | 8.6 | 2025-07-16 | A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9… |
CVE-2026-32162 | High | 8.4 | 2026-04-14 | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. |
CVE-2021-21374 | High | 8.1 | 2021-03-26 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimb… |
CVE-2026-35641 | High | 7.8 | 2026-04-10 | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious c… |
CVE-2020-8023 | High | 7.7 | 2020-09-01 | A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise… |
CVE-2025-29842 | High | 7.5 | 2025-05-13 | Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2025-29816 | High | 7.5 | 2025-04-08 | Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2025-27415 | High | 7.5 | 2025-03-19 | Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in so… |
CVE-2023-44317 | High | 7.2 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2D… |
CVE-2024-53848 | High | 7.1 | 2024-11-29 | check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of… |
CVE-2023-3749 | High | 7.1 | 2023-08-03 | A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. |
CVE-2025-48804 | Medium | 6.8 | 2025-07-08 | Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical att… |
CVE-2024-42483 | Medium | 6.5 | 2024-09-12 | ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW b… |
CVE-2024-52555 | Medium | 6.3 | 2024-11-15 | In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script |
CVE-2023-51655 | Medium | 6.3 | 2023-12-21 | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project con… |
CVE-2020-10751 | Medium | 6.1 | 2020-05-26 | A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single… |
CVE-2026-1642 | Medium | 5.9 | 2026-02-04 | A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-m… |