CWE-424
31 CVEs classified under CWE-424. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-48827 | Critical | 10.0 | 2025-05-27 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or late… |
| CVE-2025-48828 | Critical | 9.0 | 2025-05-27 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template co… |
| CVE-2024-58136 | Critical | 9.0 | 2025-04-10 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in Febru… |
| CVE-2023-52952 | High | 8.5 | 2024-10-08 | A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435)… |
| CVE-2024-3459 | High | 8.4 | 2024-05-09 | KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF… |
| CVE-2025-68939 | High | 8.2 | 2025-12-26 | Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API. |
| CVE-2024-3460 | High | 7.4 | 2024-05-09 | In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window… |
| CVE-2023-5165 | High | 7.1 | 2023-09-25 | Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible… |
| CVE-2023-0629 | High | 7.1 | 2023-03-13 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.soc… |
| CVE-2019-18996 | High | 7.1 | 2019-12-18 | Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially al… |
| CVE-2025-49163 | Medium | 6.7 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file. |
| CVE-2023-20272 | Medium | 6.7 | 2023-11-21 | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files… |
| CVE-2023-46176 | Medium | 6.7 | 2023-11-03 | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID… |
| CVE-2024-8311 | Medium | 6.5 | 2024-09-12 | An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authe… |
| CVE-2021-3793 | Medium | 6.5 | 2021-11-12 | An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the sam… |
| CVE-2025-49162 | Medium | 6.4 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to c… |
| CVE-2026-4913 | Medium | 5.7 | 2026-04-14 | Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has… |
| CVE-2026-4270 | Medium | 5.5 | 2026-03-16 | Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may… |
| CVE-2024-3927 | Medium | 5.3 | 2024-05-22 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submissi… |
| CVE-2025-46655 | Medium | 4.9 | 2025-04-26 | CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain c… |