CWE-790
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-790page 1 of 1
- CVE-2021-43802CRITICALCVSS 9.9EG 9.92021-12-09
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be u…
- CVE-2023-22578CRITICALCVSS 10.0EG 10.02023-02-16
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.
- CVE-2023-45239CRITICALCVSS 9.8EG 9.82023-10-06
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands an…
- CVE-2024-31616HIGHCVSS 8.8EG 8.82024-04-23
An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file.
- CVE-2024-42416HIGHCVSS 8.8EG 8.42024-09-05
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scs…
- CVE-2024-43442MEDIUMCVSS 4.9EG 4.92024-08-26
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration t…
- CVE-2024-43443MEDIUMCVSS 4.9EG 4.92024-08-26
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management target…
- CVE-2024-47984MEDIUMCVSS 4.4EG 4.42024-12-13
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after re…
- CVE-2024-6540MEDIUMCVSS 5.7EG 5.72024-07-15
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The …
- CVE-2025-0431MEDIUMCVSS 5.8EG 5.82025-03-19
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filte…
- CVE-2026-9658HIGHCVSS 7.3EG 7.32026-05-28
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-enc…
Map vulnerabilities like CWE-790 to your infrastructure
EchelonGraph correlates every CVE — across CWE-790 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →