CWE-841 · Improper Enforcement of Behavioral Workflow
42 CVEs classified under CWE-841 (Improper Enforcement of Behavioral Workflow). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2102 | Critical | 9.4 | 2022-06-24 | Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modif… |
| CVE-2022-2105 | Critical | 9.4 | 2022-06-24 | Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for… |
| CVE-2026-43937 | High | 8.8 | 2026-05-12 | YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewri… |
| CVE-2024-0410 | High | 7.7 | 2024-02-21 | An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A devel… |
| CVE-2026-41259 | High | 7.5 | 2026-04-23 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up… |
| CVE-2022-1667 | High | 7.5 | 2022-06-24 | Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the correspo… |
| CVE-2026-42246 | High | 7.4 | 2026-05-09 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-mi… |
| CVE-2025-52469 | High | 7.1 | 2026-03-02 | Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allo… |
| CVE-2023-5921 | High | 7.1 | 2023-11-22 | Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396. |
| CVE-2025-58051 | Medium | 6.5 | 2025-10-16 | Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specif… |
| CVE-2024-13065 | Medium | 6.3 | 2025-09-03 | Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 -… |
| CVE-2025-55682 | Medium | 6.1 | 2025-10-14 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55337 | Medium | 6.1 | 2025-10-14 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55332 | Medium | 6.1 | 2025-10-14 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55330 | Medium | 6.1 | 2025-10-14 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2026-45023 | Medium | 5.4 | 2026-05-28 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{b… |
| CVE-2023-4181 | Medium | 5.4 | 2023-08-06 | A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this i… |
| CVE-2023-1383 | Medium | 5.4 | 2023-05-03 | An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register se… |
| CVE-2024-39325 | Medium | 5.3 | 2024-07-02 | aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-contr… |
| CVE-2024-6128 | Medium | 5.3 | 2024-06-18 | A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout o… |