CWE-837
16 CVEs classified under CWE-837.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42609 | High | 8.1 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user c… |
| CVE-2025-54315 | High | 7.1 | 2025-10-02 | The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness. |
| CVE-2024-11301 | Medium | 6.5 | 2025-03-20 | In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of project… |
| CVE-2024-4629 | Medium | 6.5 | 2024-09-03 | A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating mu… |
| CVE-2025-58135 | Medium | 5.3 | 2025-09-09 | Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network… |
| CVE-2023-6759 | Medium | 5.3 | 2023-12-13 | A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the compone… |
| CVE-2023-5313 | Medium | 5.3 | 2023-09-30 | A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file aj… |
| CVE-2025-62783 | Medium | 5.0 | 2025-10-27 | InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using… |
| CVE-2023-6438 | Medium | 4.3 | 2023-11-30 | A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the comp… |
| CVE-2026-44601 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. |
| CVE-2023-6467 | Low | 3.1 | 2023-12-02 | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClic… |
| CVE-2025-62784 | | | 2025-10-27 | InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with th… |
| CVE-2025-62782 | | | 2025-10-27 | InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiSt… |
| CVE-2024-11717 | | | 2025-01-02 | Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a… |
| CVE-2024-11716 | | | 2025-01-02 | While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticat… |
| CVE-2024-12123 | | | 2024-12-04 | A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated us… |