CWE-939
14 CVEs classified under CWE-939.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-33606 | High | 8.8 | 2024-06-11 | An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM View… |
| CVE-2026-35394 | High | 8.3 | 2026-04-06 | Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly… |
| CVE-2026-1046 | High | 7.6 | 2026-02-16 | Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on… |
| CVE-2021-31384 | High | 7.2 | 2021-10-19 | Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Ne… |
| CVE-2026-3471 | Medium | 6.5 | 2026-05-18 | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows… |
| CVE-2020-11000 | Medium | 5.7 | 2020-04-08 | GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be suscept… |
| CVE-2026-26123 | Medium | 5.5 | 2026-03-10 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. |
| CVE-2023-43582 | Medium | 5.5 | 2023-11-14 | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. |
| CVE-2022-20736 | Medium | 5.3 | 2022-06-15 | A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a conf… |
| CVE-2025-41408 | Medium | 4.3 | 2025-09-05 | Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated at… |
| CVE-2024-54014 | Low | 3.6 | 2024-12-05 | Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allo… |
| CVE-2024-54125 | Low | 3.3 | 2024-12-17 | Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to ac… |
| CVE-2025-67739 | Low | 3.1 | 2025-12-11 | In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure |
| CVE-2026-33335 | | | 2026-03-24 | Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper pas… |