CWE-650
9 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-650
- CVE-2022-38115 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-11-23
  Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
- CVE-2023-50327 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-02
  IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.
- CVE-2024-28787 | HIGH | CVSS 8.7 | EG 8.7 | 2024-04-04
  IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP reque…
- CVE-2024-45097 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-09-05
  IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
- CVE-2024-45098 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-09-05
  IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
- CVE-2024-45282 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-10-08
  Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against extern…
- CVE-2024-56339 | LOW | CVSS 3.7 | EG 3.7 | 2025-08-07
  IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.
- CVE-2025-21120 | HIGH | CVSS 8.3 | EG 8.3 | 2025-08-04
  Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability…
- CVE-2026-44548 | HIGH | CVSS 8.1 | EG 8.1 | 2026-05-12
  ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user…