CWE-551
10 CVEs classified under CWE-551. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-23924 | Critical | 10.0 | 2023-01-31 | Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This ma… |
CVE-2016-20030 | Critical | 9.8 | 2026-03-15 | ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial char… |
CVE-2021-32779 | High | 8.6 | 2021-08-24 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled… |
CVE-2021-32777 | High | 8.6 | 2021-08-24 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension… |
CVE-2026-4636 | High | 8.1 | 2026-04-02 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attack… |
CVE-2021-28165 | High | 7.5 | 2021-04-01 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. |
CVE-2021-31384 | High | 7.2 | 2021-10-19 | Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Ne… |
CVE-2026-0707 | Medium | 5.3 | 2026-01-08 | A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It… |
CVE-2021-34429 | Medium | 5.3 | 2021-07-15 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF… |
CVE-2021-28164 | Medium | 5.3 | 2021-04-01 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access prot… |