CWE-914
6 CVEs classified under CWE-914. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-33175 | Critical | 9.1 | 2023-05-30 | ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables… |
CVE-2024-54198 | High | 8.5 | 2024-12-10 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted desti… |
CVE-2024-24914 | High | 8.0 | 2024-11-07 | Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is ava… |
CVE-2026-35173 | Medium | 6.5 | 2026-04-06 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users… |
CVE-2025-14085 | Medium | 6.3 | 2025-12-05 | A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the… |
CVE-2025-14051 | Medium | 6.3 | 2025-12-04 | A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addr… |