CWE-547
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-547
- CVE-2017-0928 | MEDIUM | CVSS 6.1 | EG 6.1 | 2018-06-04
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
- CVE-2019-14837 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-01-07
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the em…
- CVE-2023-1712 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-03-30
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
- CVE-2024-32021 | LOW | CVSS 3.9 | EG 3.9 | 2024-05-14
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-re…
- CVE-2024-39888 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-09
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no ind…
- CVE-2024-41885 | MEDIUM | CVSS 5.6 | EG 0.0 | 2024-12-24
Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. The seed string for the encryption key was hard-coded. The manufacturer has released patch firmware for the flaw, please refer to the m…
- CVE-2025-2079 | HIGH | CVSS 8.7 | EG 0.0 | 2025-03-13
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard-coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
- CVE-2025-2081 | HIGH | CVSS 8.7 | EG 0.0 | 2025-03-13
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients.
- CVE-2025-23253 | LOW | CVSS 2.5 | EG 2.5 | 2025-04-22
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerabilit…
- CVE-2025-30206 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-04-15
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and comprom…
- CVE-2025-49151 | CRITICAL | CVSS 9.3 | EG 9.1 | 2025-06-25
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.