CWE-474
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-474page 1 of 1
- CVE-2021-0294MEDIUMCVSS 5.3EG 5.32021-07-15
A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if "storm-control enhanced" is configure…
- CVE-2024-1672MEDIUMCVSS 5.4EG 8.82024-02-21
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-1694HIGHCVSS 7.8EG 7.82024-06-07
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)
- CVE-2024-2628MEDIUMCVSS 4.3EG 4.32024-03-20
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
- CVE-2024-5836HIGHCVSS 8.8EG 8.82024-06-11
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severit…
- CVE-2024-5839MEDIUMCVSS 6.5EG 6.52024-06-11
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7001MEDIUMCVSS 4.3EG 4.32024-08-06
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medi…
- CVE-2026-0902HIGHCVSS 8.8EG 9.82026-01-20
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-11097MEDIUMCVSS 6.5EG 6.52026-06-04
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-11102HIGHCVSS 8.8EG 8.82026-06-04
Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium)
- CVE-2026-24010HIGHCVSS 8.0EG 8.02026-01-22
Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a mali…
Map vulnerabilities like CWE-474 to your infrastructure
EchelonGraph correlates every CVE — across CWE-474 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →