CWE-1288
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1288page 1 of 1
- CVE-2021-41531HIGHCVSS 7.5EG 7.52021-09-21
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling R…
- CVE-2022-39353CRITICALCVSS 9.4EG 9.42022-11-02
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childN…
- CVE-2022-50976HIGHCVSS 7.7EG 7.72026-02-02
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
- CVE-2023-1619MEDIUMCVSS 4.9EG 4.92023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
- CVE-2023-1620MEDIUMCVSS 4.9EG 4.92023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
- CVE-2023-32701HIGHCVSS 7.1EG 7.12023-11-14
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
- CVE-2023-6245HIGHCVSS 7.5EG 7.52023-12-08
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid …
- CVE-2024-12093MEDIUMCVSS 6.8EG 6.82025-05-22
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized…
- CVE-2024-25951HIGHCVSS 8.0EG 8.02024-03-09
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
- CVE-2024-27371MEDIUMCVSS 6.7EG 6.72024-06-05
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_…
- CVE-2024-27375MEDIUMCVSS 6.7EG 6.72024-06-05
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_…
- CVE-2024-31136HIGHCVSS 7.4EG 7.42024-03-28
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
- CVE-2024-31140MEDIUMCVSS 4.1EG 4.12024-03-28
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
- CVE-2024-39515HIGHCVSS 7.5EG 7.52024-10-09
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP p…
- CVE-2024-5953MEDIUMCVSS 5.7EG 5.72024-06-18
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
- CVE-2024-8305MEDIUMCVSS 6.5EG 6.52024-10-21
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server …
- CVE-2025-10929MEDIUMCVSS 5.3EG 5.32025-10-30
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
- CVE-2025-2885MEDIUMCVSS 4.5EG 4.52025-03-27
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users s…
- CVE-2025-46722MEDIUMCVSS 4.2EG 4.22025-05-29
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its ima…
- CVE-2025-9999HIGHCVSS 7.6EG 0.02025-09-05
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.
- CVE-2026-9689MEDIUMCVSS 4.2EG 4.22026-05-27
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication…
Map vulnerabilities like CWE-1288 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1288 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →