CWE-394

14 CVEs classified under CWE-394. Browse by severity and year.

Top CVEs for CWE-394
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-25085 | High | 8.6 | 2026-02-27 | A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on process… |
| CVE-2023-25948 | High | 7.5 | 2023-07-13 | Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for re… |
| CVE-2019-0066 | High | 7.5 | 2019-10-09 | An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denia… |
| CVE-2024-1713 | High | 7.2 | 2024-03-14 | A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. |
| CVE-2025-48510 | High | 7.1 | 2025-11-24 | Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. |
| CVE-2019-20924 | Medium | 6.5 | 2020-11-23 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsB… |
| CVE-2018-20802 | Medium | 6.5 | 2020-11-23 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner… |
| CVE-2022-24880 | Medium | 5.3 | 2022-04-25 | flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1… |
| CVE-2023-28975 | Medium | 4.6 | 2023-04-17 | An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to t… |
| CVE-2023-48429 | Low | 2.7 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in… |
| CVE-2025-12516 | | | 2025-10-30 | Lack of Graceful Error Handling - HTTP 5xx Error. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12515 | | | 2025-10-30 | Systemic Internal Server Errors - HTTP 500 Response. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-22854 | | | 2025-06-15 | Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions. |
| CVE-2025-23013 | | | 2025-01-15 | In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be dep… |