CWE-403
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-403
- CVE-2024-21626 | HIGH | CVSS 8.6 | EG 8.6 | 2024-01-31
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc e…
- CVE-2024-58280 | HIGH | CVSS 8.8 | EG 8.8 | 2025-12-10
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to …
- CVE-2025-15114 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-30
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response …
- CVE-2025-3032 | HIGH | CVSS 7.4 | EG 7.4 | 2025-04-01
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
- CVE-2026-40042 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-04-13
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities throu…