CWE-233
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-233
- CVE-2020-10069 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-05-25
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/a…
- CVE-2021-0269 | HIGH | CVSS 8.8 | EG 8.8 | 2021-04-22
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be a…
- CVE-2021-1230 | HIGH | CVSS 8.6 | EG 8.6 | 2021-02-24
A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which …
- CVE-2021-45477 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-02
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2.
- CVE-2021-45478 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-02
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2.
- CVE-2022-22792 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-02-16
MobiSoft - MobiPlus User Take Over and Improper Handling of URL Parameters. Attacker can navigate to specific URL which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridDat…
- CVE-2022-32261 | MEDIUM | CVSS 5.3 | EG 7.5 | 2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
- CVE-2022-3697 | HIGH | CVSS 7.5 | EG 7.5 | 2022-10-28
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter …
- CVE-2022-45182 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-11-11
Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
- CVE-2023-1419 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-11-17
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing o…
- CVE-2023-20076 | HIGH | CVSS 7.2 | EG 8.8 | 2023-02-12
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitizat…
- CVE-2023-26549 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-27
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2023-28898 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-01-12
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause deni…
- CVE-2023-40819 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-08-06
ID4Portais in version < V.2022.837.002a returns the message parameter unsanitized in the response, resulting in an HTML Injection vulnerability.
- CVE-2023-7261 | HIGH | CVSS 7.8 | EG 7.3 | 2024-06-07
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
- CVE-2024-20306 | MEDIUM | CVSS 6.0 | EG 6.0 | 2024-03-27
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vuln…
- CVE-2024-24525 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-29
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.
- CVE-2024-25979 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-19
The URL parameters accepted by forum search were not limited to the allowed parameters.
- CVE-2024-31808 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
- CVE-2024-33433 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-05-14
Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.
- CVE-2024-9329 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-09-30
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an …