CWE-923
52 CVEs classified under CWE-923. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-17440 | Critical | 10.0 | 2019-12-20 | Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an… |
| CVE-2026-34205 | Critical | 9.7 | 2026-03-27 | Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host n… |
| CVE-2017-3891 | Critical | 9.6 | 2017-11-14 | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enab… |
| CVE-2023-28078 | Critical | 9.1 | 2024-02-15 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could p… |
| CVE-2025-61939 | High | 8.8 | 2026-01-07 | An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local net… |
| CVE-2025-20261 | High | 8.8 | 2025-06-04 | A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Se… |
| CVE-2024-26131 | High | 8.4 | 2024-02-20 | Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious… |
| CVE-2025-29986 | High | 8.3 | 2025-04-08 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Commo… |
| CVE-2024-47490 | High | 8.2 | 2024-10-11 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved… |
| CVE-2021-38487 | High | 8.2 | 2022-05-05 | RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to fl… |
| CVE-2024-47125 | High | 8.1 | 2024-09-26 | The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to th… |
| CVE-2026-32317 | High | 7.6 | 2026-03-20 | Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerabil… |
| CVE-2026-32318 | High | 7.6 | 2026-03-20 | Cryptomator for iOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability a… |
| CVE-2026-32303 | High | 7.6 | 2026-03-20 | Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the… |
| CVE-2025-23178 | High | 7.6 | 2025-04-29 | CWE-923: Improper Restriction of Communication Channel to Intended Endpoints |
| CVE-2026-23664 | High | 7.5 | 2026-03-10 | Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a networ… |
| CVE-2023-28971 | High | 7.2 | 2023-04-17 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (P… |
| CVE-2025-35978 | High | 7.1 | 2025-06-12 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to… |
| CVE-2024-26013 | High | 7.1 | 2025-04-08 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7… |
| CVE-2023-25518 | High | 7.1 | 2023-06-23 | NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to t… |