CWE-172
13 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-172
- CVE-2018-2415 | MEDIUM | CVSS 4.7 | EG 4.7 | 2018-05-09
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting…
- CVE-2018-3777 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-08-03
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.
- CVE-2018-7173 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-02-15
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
- CVE-2018-7289 | LOW | CVSS 3.3 | EG 3.3 | 2018-02-21
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after…
- CVE-2019-10153 | MEDIUM | CVSS 5.0 | EG 5.0 | 2019-07-30
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventi…
- CVE-2019-10160 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-07
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2…
- CVE-2019-12677 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-10-02
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new …
- CVE-2021-33604 | LOW | CVSS 2.5 | EG 2.5 | 2021-06-24
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code…
- CVE-2024-48909 | LOW | CVSS 2.0 | EG 2.0 | 2024-10-14
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation p…
- CVE-2025-12758 | HIGH | CVSS 7.5 | EG 7.5 | 2025-11-27
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) a…
- CVE-2025-27110 | HIGH | CVSS 7.5 | EG 7.5 | 2025-02-25
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsec…
- CVE-2025-59362 | MEDIUM | CVSS 4.0 | EG 8.2 | 2025-09-26
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
- CVE-2026-42926 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-05-13
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versio…