CWE-99 · Resource Injection
54 CVEs classified under CWE-99 (Resource Injection). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-5159 | Critical | 9.8 | 2017-02-13 | An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the upda… |
| CVE-2025-2410 | Critical | 9.1 | 2025-05-22 | Port manipulation vulnerabilities in ASPECT provide attackers with the ability to control TCP/IP port access if session administrator credentials become compr… |
| CVE-2025-0756 | Critical | 9.1 | 2025-04-16 | The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an id… |
| CVE-2024-57971 | Critical | 9.1 | 2025-02-16 | DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning… |
| CVE-2024-5706 | High | 8.8 | 2025-02-19 | The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a res… |
| CVE-2023-3517 | High | 8.5 | 2023-12-12 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, does not restrict JNDI identifiers during the creat… |
| CVE-2022-39369 | High | 8.0 | 2022-11-01 | phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS lib… |
| CVE-2020-5230 | High | 7.7 | 2020-01-30 | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security… |
| CVE-2021-42360 | High | 7.6 | 2021-11-17 | On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level… |
| CVE-2026-3693 | High | 7.3 | 2026-03-08 | A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat… |
| CVE-2023-6605 | High | 7.2 | 2025-01-06 | A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg vi… |
| CVE-2026-33603 | Medium | 6.8 | 2026-05-12 | Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to p… |
| CVE-2022-1287 | Medium | 6.5 | 2022-04-09 | A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.ph… |
| CVE-2020-6245 | Medium | 6.5 | 2020-05-12 | SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed… |
| CVE-2026-10168 | Medium | 6.3 | 2026-05-31 | A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affecte… |
| CVE-2025-1645 | Medium | 6.3 | 2025-02-25 | A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/… |
| CVE-2024-4817 | Medium | 6.3 | 2024-05-13 | A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the fil… |
| CVE-2024-4294 | Medium | 6.3 | 2024-04-27 | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknow… |
| CVE-2023-2980 | Medium | 6.3 | 2023-05-30 | A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler… |
| CVE-2019-1860 | Medium | 5.9 | 2019-05-16 | A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate… |