CWE-684
27 CVEs classified under CWE-684. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-50357 | Critical | 9.8 | 2024-11-29 | FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configurat… |
| CVE-2024-6425 | Critical | 9.1 | 2024-07-01 | Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts with… |
| CVE-2023-24845 | Critical | 9.1 | 2023-08-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RU… |
| CVE-2023-4258 | High | 8.6 | 2023-09-25 | In Bluetooth mesh implementation, if provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisio… |
| CVE-2025-66384 | High | 8.2 | 2025-11-28 | app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. |
| CVE-2025-58325 | High | 7.8 | 2025-10-14 | An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6… |
| CVE-2025-47227 | High | 7.5 | 2025-07-05 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GE… |
| CVE-2023-5363 | High | 7.5 | 2023-10-25 | Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns du… |
| CVE-2024-20317 | High | 7.4 | 2024-09-11 | A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow a… |
| CVE-2026-42255 | High | 7.2 | 2026-04-26 | Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. |
| CVE-2026-40685 | Medium | 6.5 | 2026-04-30 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header… |
| CVE-2023-5158 | Medium | 6.5 | 2023-09-25 | A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of s… |
| CVE-2026-40684 | Medium | 5.9 | 2026-04-30 | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records… |
| CVE-2024-6502 | Medium | 5.7 | 2024-08-22 | An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 pri… |
| CVE-2024-5005 | Medium | 4.3 | 2024-10-11 | An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5… |
| CVE-2025-54567 | Medium | 4.2 | 2025-07-25 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. |
| CVE-2026-44597 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. |
| CVE-2025-54568 | Low | 3.7 | 2025-07-25 | Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge n… |
| CVE-2020-11054 | Low | 3.5 | 2020-05-07 | In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qut… |
| CVE-2026-35379 | Low | 3.3 | 2026-04-22 | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation… |