CWE-791
31 CVEs classified under CWE-791. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0324 | Critical | 9.4 | 2025-06-02 | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. |
| CVE-2024-47590 | High | 8.8 | 2024-11-12 | An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, inp… |
| CVE-2022-21668 | High | 8.0 | 2022-01-10 | pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files a… |
| CVE-2026-7164 | High | 7.5 | 2026-04-30 | Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attac… |
| CVE-2025-6761 | High | 7.3 | 2025-06-27 | A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function… |
| CVE-2026-48208 | Medium | 6.5 | 2026-06-01 | An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SV… |
| CVE-2025-59303 | Medium | 6.4 | 2025-10-08 | HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permi… |
| CVE-2026-9498 | Medium | 6.3 | 2026-05-25 | A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handl… |
| CVE-2026-8740 | Medium | 6.3 | 2026-05-17 | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/view… |
| CVE-2026-5559 | Medium | 6.3 | 2026-04-05 | A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of t… |
| CVE-2026-3725 | Medium | 6.3 | 2026-03-08 | A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/… |
| CVE-2025-14731 | Medium | 6.3 | 2025-12-16 | A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser… |
| CVE-2025-6518 | Medium | 6.3 | 2025-06-23 | A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend… |
| CVE-2025-5325 | Medium | 6.3 | 2025-05-29 | A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerabi… |
| CVE-2025-2040 | Medium | 6.3 | 2025-03-06 | A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /… |
| CVE-2024-39283 | Medium | 6.0 | 2024-08-14 | Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable… |
| CVE-2023-31172 | Medium | 5.9 | 2023-08-31 | An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an att… |
| CVE-2024-39899 | Medium | 5.3 | 2024-07-09 | PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was… |
| CVE-2025-2336 | Medium | 4.8 | 2025-06-04 | Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to b… |
| CVE-2025-0716 | Medium | 4.8 | 2025-04-29 | Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image sou… |