CWE-472
131 CVEs classified under CWE-472. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-43933 | Critical | 9.8 | 2025-07-07 | fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP he… |
| CVE-2025-43930 | Critical | 9.8 | 2025-07-07 | Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header. |
| CVE-2024-25153 | Critical | 9.8 | 2024-03-13 | A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ director… |
| CVE-2021-1295 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2021-1294 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2021-1293 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2021-1292 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2021-1291 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2021-1290 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2021-1289 | Critical | 9.8 | 2021-02-04 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau… |
| CVE-2026-11088 | Critical | 9.6 | 2026-06-04 | Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a s… |
| CVE-2026-34751 | Critical | 9.1 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the passwo… |
| CVE-2026-11211 | High | 8.8 | 2026-06-04 | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-11171 | High | 8.8 | 2026-06-04 | Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page… |
| CVE-2026-11085 | High | 8.8 | 2026-06-04 | Integer overflow in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a c… |
| CVE-2026-10987 | High | 8.8 | 2026-06-04 | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-10986 | High | 8.8 | 2026-06-04 | Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (C… |
| CVE-2026-10965 | High | 8.8 | 2026-06-04 | Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pa… |
| CVE-2026-10964 | High | 8.8 | 2026-06-04 | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-10963 | High | 8.8 | 2026-06-04 | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |