CWE-436
57 CVEs classified under CWE-436. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-24813 | Critical | 10.0 | 2023-02-07 | Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrar… |
| CVE-2026-8034 | Critical | 9.8 | 2026-05-07 | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal s… |
| CVE-2026-41248 | Critical | 9.1 | 2026-04-24 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypa… |
| CVE-2026-6270 | Critical | 9.1 | 2026-04-16 | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers… |
| CVE-2026-33808 | Critical | 9.1 | 2026-04-15 | @fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabl… |
| CVE-2026-33807 | Critical | 9.1 | 2026-04-15 | @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child… |
| CVE-2026-40165 | High | 8.7 | 2026-05-21 | authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypas… |
| CVE-2022-36051 | High | 8.7 | 2022-08-31 | ZITADEL combines the ease of Auth0 and the versatility of Keycloak. **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a fe… |
| CVE-2023-36456 | High | 8.3 | 2023-07-06 | authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-… |
| CVE-2025-48384 | High | 8.1 | 2025-07-08 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to int… |
| CVE-2022-35962 | High | 8.0 | 2022-08-29 | Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sen… |
| CVE-2026-42551 | High | 7.5 | 2026-05-13 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUE… |
| CVE-2026-6322 | High | 7.5 | 2026-05-05 | fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A… |
| CVE-2026-0958 | High | 7.5 | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allow… |
| CVE-2026-25223 | High | 7.5 | 2026-02-03 | Fastify is a fast and low overhead web framework for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body v… |
| CVE-2021-0207 | High | 7.5 | 2021-01-15 | An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain tra… |
| CVE-2026-33804 | High | 7.4 | 2026-04-16 | @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middle… |
| CVE-2024-29034 | Medium | 6.8 | 2024-03-24 | CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vuln… |
| CVE-2023-40718 | Medium | 6.7 | 2023-10-10 | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. |
| CVE-2023-39481 | Medium | 6.6 | 2024-05-03 | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary… |