CWE-1025
9 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-1025
- CVE-2024-20342 | MEDIUM | CVSS 5.8 | EG 5.8 | 2024-10-23
Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerabili…
- CVE-2025-25306 | CRITICAL | CVSS 9.3 | EG 9.3 | 2025-03-10
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim …
- CVE-2025-27839 | LOW | CVSS 3.2 | EG 3.2 | 2025-03-08
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Ex…
- CVE-2025-2887 | MEDIUM | CVSS 4.5 | EG 4.5 | 2025-03-27
During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or …
- CVE-2025-2888 | MEDIUM | CVSS 4.5 | EG 4.5 | 2025-03-27
During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the ca…
- CVE-2025-32464 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-04-09
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
- CVE-2026-21691 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-40227 | MEDIUM | CVSS 6.2 | EG 6.2 | 2026-04-10
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
- CVE-2026-40880 | HIGH | CVSS 8.1 | EG 8.1 | 2026-04-21
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefull…