CWE-358

128 CVEs classified under CWE-358. Browse by severity and year.

Top CVEs for CWE-358
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-0268 | Critical | 10.0 | 2018-05-17 | A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to byp… |
| CVE-2022-25152 | Critical | 9.9 | 2022-06-09 | The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory a… |
| CVE-2026-50628 | Critical | 9.8 | 2026-06-12 | A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP addres… |
| CVE-2025-66603 | Critical | 9.8 | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potenti… |
| CVE-2025-62583 | Critical | 9.8 | 2025-10-16 | Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. |
| CVE-2023-4501 | Critical | 9.8 | 2023-09-12 | User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enter… |
| CVE-2023-3266 | Critical | 9.8 | 2023-08-14 | A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentic… |
| CVE-2019-6742 | Critical | 9.8 | 2019-06-03 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not… |
| CVE-2018-1275 | Critical | 9.8 | 2018-04-11 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
| CVE-2018-1270 | Critical | 9.8 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
| CVE-2016-10229 | Critical | 9.8 | 2017-04-04 | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation duri… |
| CVE-2026-29103 | Critical | 9.1 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability… |
| CVE-2025-69234 | Critical | 9.1 | 2025-12-30 | Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. |
| CVE-2023-39403 | Critical | 9.1 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written witho… |
| CVE-2026-44513 | High | 8.8 | 2026-05-14 | Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary… |
| CVE-2026-1486 | High | 8.8 | 2026-02-09 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enab… |
| CVE-2025-3069 | High | 8.8 | 2025-04-02 | Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML… |
| CVE-2024-7965 | High | 8.8 | 2024-08-21 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML… |
| CVE-2024-6772 | High | 8.8 | 2024-07-16 | Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML… |
| CVE-2024-6101 | High | 8.8 | 2024-06-20 | Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML… |