CWE-187

5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-187page 1 of 1

CVE-2022-31802CRITICALCVSS 9.8EG 9.8
2022-06-24
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matche…
CVE-2024-39742HIGHCVSS 8.1EG 8.1
2024-07-08
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
CVE-2024-39743MEDIUMCVSS 5.9EG 5.9
2024-07-08
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to co…
CVE-2024-41110CRITICALCVSS 9.9EG 9.9
2024-07-24
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under sp…
CVE-2026-44837MEDIUMCVSS 5.9EG 5.9
2026-05-26
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whe…

Map vulnerabilities like CWE-187 to your infrastructure

EchelonGraph correlates every CVE — across CWE-187 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →