CWE-636
31 CVEs classified under CWE-636. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-3729 | Critical | 9.8 | 2024-05-02 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all ver… |
| CVE-2026-40525 | Critical | 9.1 | 2026-04-17 | OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fa… |
| CVE-2024-43532 | High | 8.8 | 2024-10-08 | Remote Registry Service Elevation of Privilege Vulnerability |
| CVE-2021-1578 | High | 8.8 | 2021-08-25 | A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (C… |
| CVE-2023-4030 | High | 8.4 | 2023-08-17 | A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings… |
| CVE-2026-42423 | High | 7.5 | 2026-04-28 | OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec… |
| CVE-2026-35042 | High | 7.5 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RF… |
| CVE-2024-8185 | High | 7.5 | 2024-10-31 | Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through mem… |
| CVE-2023-28840 | High | 7.5 | 2023-04-04 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream pro… |
| CVE-2026-42246 | High | 7.4 | 2026-05-09 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-mi… |
| CVE-2023-28841 | Medium | 6.8 | 2023-04-04 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream pro… |
| CVE-2023-28842 | Medium | 6.8 | 2023-04-04 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream pr… |
| CVE-2026-41334 | Medium | 6.5 | 2026-04-23 | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers… |
| CVE-2024-2660 | Medium | 6.4 | 2024-04-04 | Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerabi… |
| CVE-2021-3614 | Medium | 6.4 | 2021-07-16 | A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions d… |
| CVE-2025-41760 | Medium | 4.9 | 2026-03-09 | An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restric… |
| CVE-2025-41759 | Medium | 4.9 | 2026-03-09 | An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not tr… |
| CVE-2023-22943 | Medium | 4.8 | 2023-02-14 | In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Mod… |
| CVE-2026-41377 | Medium | 4.6 | 2026-04-28 | OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers… |
| CVE-2025-21210 | Medium | 4.2 | 2025-01-14 | Windows BitLocker Information Disclosure Vulnerability |