CWE-394
13 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-394
- CVE-2018-20802 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Serve…
- CVE-2019-0066 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-09
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process …
- CVE-2019-20924 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.
- CVE-2022-24880 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-04-25
flask-session-captcha is a package which allows users to extend Flask by adding an image-based captcha stored in a server-side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.…
- CVE-2023-25948 | HIGH | CVSS 7.5 | EG 7.5 | 2023-07-13
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
- CVE-2023-28975 | MEDIUM | CVSS 4.6 | EG 4.6 | 2023-04-17
An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are conne…
- CVE-2023-48429 | LOW | CVSS 2.7 | EG 2.7 | 2023-12-12
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending…
- CVE-2024-1713 | HIGH | CVSS 7.2 | EG 7.2 | 2024-03-14
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.
- CVE-2025-12515 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-10-30
Systemic Internal Server Errors - HTTP 500 Response. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12516 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-10-30
Lack of Graceful Error Handling - HTTP 5xx Error. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-22854 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-06-15
Improper handling of non-200 HTTP responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
- CVE-2025-23013 | HIGH | CVSS 7.3 | EG 0.0 | 2025-01-15
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenti…
- CVE-2025-48510 | HIGH | CVSS 7.1 | EG 7.1 | 2025-11-24
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.