CWE-625
8 CVEs classified under CWE-625. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-32973 | Critical | 9.8 | 2026-03-29 | OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and… |
| CVE-2018-8926 | High | 8.8 | 2018-06-08 | Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated u… |
| CVE-2026-23651 | Medium | 6.7 | 2026-03-05 | Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. |
| CVE-2026-37737 | Medium | 6.5 | 2026-06-05 | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anc… |
| CVE-2020-8910 | Medium | 6.5 | 2020-03-26 | A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by… |
| CVE-2026-34830 | Medium | 5.9 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-M… |
| CVE-2023-6544 | Medium | 5.4 | 2024-04-25 | A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dyn… |
| CVE-2026-34763 | Medium | 5.3 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a… |