CWE-358
128 CVEs classified under CWE-358. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-0268 | Critical | 10.0 | 2018-05-17 | A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to byp… |
| CVE-2022-25152 | Critical | 9.9 | 2022-06-09 | The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory a… |
| CVE-2026-50628 | Critical | 9.8 | 2026-06-12 | A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP addres… |
| CVE-2025-66603 | Critical | 9.8 | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potenti… |
| CVE-2025-62583 | Critical | 9.8 | 2025-10-16 | Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. |
| CVE-2023-4501 | Critical | 9.8 | 2023-09-12 | User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enter… |
| CVE-2023-3266 | Critical | 9.8 | 2023-08-14 | A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentic… |
| CVE-2019-6742 | Critical | 9.8 | 2019-06-03 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not… |
| CVE-2018-1275 | Critical | 9.8 | 2018-04-11 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
| CVE-2018-1270 | Critical | 9.8 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
| CVE-2016-10229 | Critical | 9.8 | 2017-04-04 | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation duri… |
| CVE-2026-29103 | Critical | 9.1 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability… |
| CVE-2025-69234 | Critical | 9.1 | 2025-12-30 | Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. |
| CVE-2023-39403 | Critical | 9.1 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written witho… |
| CVE-2026-44513 | High | 8.8 | 2026-05-14 | Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary… |
| CVE-2026-1486 | High | 8.8 | 2026-02-09 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enab… |
| CVE-2025-3069 | High | 8.8 | 2025-04-02 | Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML… |
| CVE-2024-7965 | High | 8.8 | 2024-08-21 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML… |
| CVE-2024-6772 | High | 8.8 | 2024-07-16 | Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML… |
| CVE-2024-6101 | High | 8.8 | 2024-06-20 | Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML… |