CWE-135

2 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-135page 1 of 1

CVE-2026-0810HIGHCVSS 7.1EG 7.1
2026-01-26
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined …
CVE-2026-34831MEDIUMCVSS 4.8EG 4.8
2026-04-02
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-…

Map vulnerabilities like CWE-135 to your infrastructure

EchelonGraph correlates every CVE — across CWE-135 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →