CWE-696
34 CVEs classified under CWE-696.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-45033 | High | 7.8 | 2026-05-13 | GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub… |
| CVE-2025-31485 | High | 7.5 | 2025-04-03 | API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with… |
| CVE-2021-22569 | High | 7.5 | 2022-01-07 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small ma… |
| CVE-2021-31379 | High | 7.5 | 2021-10-19 | An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed… |
| CVE-2026-35637 | High | 7.3 | 2026-04-09 | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final… |
| CVE-2024-24853 | High | 7.2 | 2024-08-14 | Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to poten… |
| CVE-2023-33224 | High | 7.2 | 2023-07-26 | The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds… |
| CVE-2025-0150 | High | 7.1 | 2025-03-11 | Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network ac… |
| CVE-2026-35652 | Medium | 6.5 | 2026-04-10 | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action… |
| CVE-2026-35636 | Medium | 6.5 | 2026-04-09 | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session key… |
| CVE-2026-35627 | Medium | 6.5 | 2026-04-09 | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation… |
| CVE-2024-30389 | Medium | 5.8 | 2024-04-12 | An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, networ… |
| CVE-2024-30410 | Medium | 5.8 | 2024-04-12 | An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE inst… |
| CVE-2021-47688 | Medium | 5.7 | 2025-06-23 | In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in… |
| CVE-2026-33305 | Medium | 5.4 | 2026-03-19 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optio… |
| CVE-2026-43002 | Medium | 5.3 | 2026-05-05 | An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and t… |
| CVE-2026-35640 | Medium | 5.3 | 2026-04-09 | OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsi… |
| CVE-2025-9904 | Medium | 5.3 | 2025-09-29 | Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Print… |
| CVE-2025-55114 | Medium | 5.3 | 2025-09-16 | The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake… |
| CVE-2024-35229 | Medium | 5.3 | 2024-05-27 | ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_… |