CWE-840

88 CVEs classified under CWE-840. Browse by severity and year.

Top CVEs for CWE-840
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-4719 | Critical | 9.8 | 2022-12-27 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
| CVE-2022-3363 | Critical | 9.8 | 2022-10-26 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. |
| CVE-2022-32207 | Critical | 9.8 | 2022-07-07 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporar… |
| CVE-2021-4171 | Critical | 9.8 | 2022-01-17 | calibre-web is vulnerable to Business Logic Errors |
| CVE-2024-39671 | Critical | 9.3 | 2024-07-25 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-6514 | High | 8.8 | 2023-12-06 | The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability m… |
| CVE-2022-0935 | High | 8.8 | 2022-04-07 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| CVE-2024-54098 | High | 8.5 | 2024-12-12 | Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2019-3787 | High | 8.3 | 2019-06-19 | Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does no… |
| CVE-2025-1908 | High | 7.7 | 2025-04-24 | An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, a… |
| CVE-2022-27782 | High | 7.5 | 2022-06-02 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previ… |
| CVE-2022-0524 | High | 7.5 | 2022-02-08 | Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. |
| CVE-2021-22926 | High | 7.5 | 2021-08-05 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with th… |
| CVE-2022-1155 | High | 7.4 | 2022-03-30 | Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. |
| CVE-2025-54611 | High | 7.3 | 2025-08-06 | EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-54606 | High | 7.3 | 2025-08-06 | Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2024-58043 | High | 7.3 | 2025-03-04 | Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-51523 | High | 7.1 | 2024-11-05 | Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-1456 | High | 7.1 | 2024-04-16 | An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', whic… |
| CVE-2023-6017 | High | 7.1 | 2023-11-16 | H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. |