CWE-838
12 CVEs classified under CWE-838.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-4052 | Critical | 9.8 | 2025-05-05 | Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestur… |
| CVE-2019-18981 | Critical | 9.8 | 2019-11-15 | Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. |
| CVE-2020-10996 | High | 8.1 | 2020-04-27 | An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place… |
| CVE-2018-9862 | High | 7.8 | 2018-04-09 | util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric va… |
| CVE-2024-11702 | High | 7.5 | 2024-11-26 | Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history… |
| CVE-2019-6110 | Medium | 6.8 | 2019-01-31 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the… |
| CVE-2023-6512 | Medium | 6.5 | 2023-12-06 | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe… |
| CVE-2023-5770 | Medium | 5.3 | 2024-01-09 | Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML… |
| CVE-2024-34006 | Medium | 4.3 | 2024-05-31 | The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered. |
| CVE-2023-3735 | Medium | 4.3 | 2023-08-01 | Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a cra… |
| CVE-2020-7292 | Medium | 4.3 | 2020-07-15 | Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous… |
| CVE-2020-29135 | Medium | 4.1 | 2020-11-27 | cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). |