CWE-488
26 CVEs classified under CWE-488. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47928 | Critical | 9.1 | 2025-05-15 | Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/i… |
| CVE-2025-1247 | High | 8.3 | 2025-02-13 | A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This… |
| CVE-2024-38367 | High | 8.2 | 2024-07-01 | trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk ses… |
| CVE-2023-1907 | High | 8.0 | 2025-01-09 | A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if… |
| CVE-2024-5148 | High | 7.5 | 2024-09-02 | A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus metho… |
| CVE-2024-6162 | High | 7.5 | 2024-06-20 | A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises beca… |
| CVE-2023-6519 | High | 7.5 | 2024-02-08 | Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects… |
| CVE-2024-27935 | High | 7.2 | 2024-03-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibil… |
| CVE-2024-41977 | High | 7.1 | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2… |
| CVE-2022-40210 | Medium | 6.8 | 2023-05-10 | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of pr… |
| CVE-2026-33215 | Medium | 6.5 | 2026-03-24 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to ver… |
| CVE-2026-23646 | Medium | 6.5 | 2026-01-19 | OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end… |
| CVE-2026-9831 | Medium | 6.3 | 2026-05-29 | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermit… |
| CVE-2026-46416 | Medium | 6.3 | 2026-05-27 | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocke… |
| CVE-2025-2312 | Medium | 5.9 | 2025-03-25 | A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong na… |
| CVE-2024-7049 | Medium | 5.4 | 2024-10-10 | In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to p… |
| CVE-2024-11094 | Medium | 5.3 | 2024-11-16 | The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. Thi… |
| CVE-2025-27606 | Medium | 5.1 | 2025-03-14 | Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user… |
| CVE-2024-1223 | Medium | 4.8 | 2024-03-14 | This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge o… |
| CVE-2026-27492 | Medium | 4.7 | 2026-02-21 | Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachme… |