CWE-820
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-820
- CVE-2022-25210 | MEDIUM | CVSS 6.5 | EG 2.6 | 2022-02-15
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.
- CVE-2022-50238 | HIGH | CVSS 7.4 | EG 7.4 | 2025-09-08
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than…
- CVE-2023-2801 | HIGH | CVSS 7.5 | EG 7.5 | 2023-06-06
Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The on…
- CVE-2023-45084 | HIGH | CVSS 7.0 | EG 7.0 | 2023-12-05
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, w…
- CVE-2024-30387 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-12
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while…
- CVE-2024-49114 | HIGH | CVSS 7.8 | EG 7.8 | 2024-12-12
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2025-1445 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-25
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active…
- CVE-2025-47154 | CRITICAL | CVSS 9.0 | EG 9.0 | 2025-05-01
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says…
- CVE-2025-47999 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-07-08
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- CVE-2025-49751 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-08-12
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- CVE-2026-44318 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the m…