CWE-840
88 CVEs classified under CWE-840. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-4719 | Critical | 9.8 | 2022-12-27 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
| CVE-2022-3363 | Critical | 9.8 | 2022-10-26 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. |
| CVE-2022-32207 | Critical | 9.8 | 2022-07-07 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporar… |
| CVE-2021-4171 | Critical | 9.8 | 2022-01-17 | calibre-web is vulnerable to Business Logic Errors |
| CVE-2024-39671 | Critical | 9.3 | 2024-07-25 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-6514 | High | 8.8 | 2023-12-06 | The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability m… |
| CVE-2022-0935 | High | 8.8 | 2022-04-07 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| CVE-2024-54098 | High | 8.5 | 2024-12-12 | Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2019-3787 | High | 8.3 | 2019-06-19 | Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does no… |
| CVE-2025-1908 | High | 7.7 | 2025-04-24 | An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, a… |
| CVE-2022-27782 | High | 7.5 | 2022-06-02 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previ… |
| CVE-2022-0524 | High | 7.5 | 2022-02-08 | Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. |
| CVE-2021-22926 | High | 7.5 | 2021-08-05 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with th… |
| CVE-2022-1155 | High | 7.4 | 2022-03-30 | Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. |
| CVE-2025-54611 | High | 7.3 | 2025-08-06 | EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54606 | High | 7.3 | 2025-08-06 | Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2024-58043 | High | 7.3 | 2025-03-04 | Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-51523 | High | 7.1 | 2024-11-05 | Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-1456 | High | 7.1 | 2024-04-16 | An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', whic… |
| CVE-2023-6017 | High | 7.1 | 2023-11-16 | H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. |