CWE-838

12 CVEs classified under CWE-838. Browse by severity and year.

Top CVEs for CWE-838
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-4052 | Critical | 9.8 | 2025-05-05 | Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestur… |
| CVE-2019-18981 | Critical | 9.8 | 2019-11-15 | Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. |
| CVE-2020-10996 | High | 8.1 | 2020-04-27 | An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place… |
| CVE-2018-9862 | High | 7.8 | 2018-04-09 | util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric va… |
| CVE-2024-11702 | High | 7.5 | 2024-11-26 | Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history… |
| CVE-2019-6110 | Medium | 6.8 | 2019-01-31 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the… |
| CVE-2023-6512 | Medium | 6.5 | 2023-12-06 | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe… |
| CVE-2023-5770 | Medium | 5.3 | 2024-01-09 | Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML… |
| CVE-2024-34006 | Medium | 4.3 | 2024-05-31 | The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered. |
| CVE-2023-3735 | Medium | 4.3 | 2023-08-01 | Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a cra… |
| CVE-2020-7292 | Medium | 4.3 | 2020-07-15 | Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous… |
| CVE-2020-29135 | Medium | 4.1 | 2020-11-27 | cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). |