CWE-420 · Unprotected Alternate Channel
36 CVEs classified under CWE-420 (Unprotected Alternate Channel). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-10081 | Critical | 10.0 | 2024-11-06 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the A… |
| CVE-2023-20198 | Critical | 10.0 | 2023-10-16 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list… |
| CVE-2025-52921 | Critical | 9.9 | 2025-06-23 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by up… |
| CVE-2025-54309 | Critical | 9.0 | 2025-07-18 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers t… |
| CVE-2025-54351 | High | 8.9 | 2025-08-03 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). |
| CVE-2026-40217 | High | 8.8 | 2026-04-10 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. |
| CVE-2025-62001 | High | 8.8 | 2025-12-18 | BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain… |
| CVE-2025-8557 | High | 8.8 | 2025-09-11 | An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local… |
| CVE-2025-1095 | High | 8.8 | 2025-04-08 | IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interact… |
| CVE-2023-4570 | High | 8.8 | 2023-10-05 | An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. Th… |
| CVE-2023-31241 | High | 8.6 | 2023-05-22 | Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. |
| CVE-2025-53967 | High | 8.0 | 2025-10-08 | Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST reques… |
| CVE-2024-8038 | High | 7.9 | 2024-10-02 | Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication loc… |
| CVE-2025-41727 | High | 7.8 | 2026-01-27 | A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain adm… |
| CVE-2023-7266 | High | 7.5 | 2024-12-28 | Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnera… |
| CVE-2023-28840 | High | 7.5 | 2023-04-04 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream pro… |
| CVE-2025-59033 | High | 7.4 | 2025-09-08 | The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TB… |
| CVE-2023-28842 | Medium | 6.8 | 2023-04-04 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream pr… |
| CVE-2026-43505 | Medium | 6.5 | 2026-05-01 | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access con… |
| CVE-2023-52718 | Medium | 6.4 | 2024-12-28 | A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vu… |