CWE-242
6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-242
- CVE-2017-1002157 | CRITICAL | CVSS 9.8 | 2019-01-10
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
- CVE-2021-40698 | HIGH | CVSS 7.4 | EG 7.4 | 2023-09-07
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by a Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass. An authenticated attacker could lever…
- CVE-2021-42543 | HIGH | CVSS 7.8 | EG 7.8 | 2021-11-05
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
- CVE-2022-36310 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-16
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other Ai…
- CVE-2024-52324 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-12-06
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
- CVE-2026-6477 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-14
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-lar…