CWE-86
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-86
- CVE-2021-33158 | HIGH | CVSS 7.2 | EG 7.2 | 2024-02-23
Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-22840 | LOW | CVSS 3.3 | EG 3.3 | 2023-08-11
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-31126 | CRITICAL | CVSS 9.0 | EG 9.0 | 2023-05-09
`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid…
- CVE-2023-38522 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-26
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vu…
- CVE-2024-10941 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-11-06
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
- CVE-2024-21864 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-16
Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.
- CVE-2025-20166 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-01-08
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This v…
- CVE-2025-20167 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-01-08
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This v…
- CVE-2025-20168 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-01-08
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This v…
- CVE-2025-66606 | CRITICAL | CVSS 9.6 | EG 9.6 | 2026-02-09
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versi…
- CVE-2026-28417 | MEDIUM | CVSS 4.4 | EG 4.4 | 2026-02-27
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` pr…