CWE-283
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-283
- CVE-2020-8554 | MEDIUM | CVSS 6.3 | EG 5.0 | 2021-01-21
Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which…
- CVE-2021-24500 | HIGH | CVSS 8.1 | EG 8.1 | 2021-08-09
Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit…
- CVE-2021-24501 | HIGH | CVSS 8.1 | EG 8.1 | 2021-08-09
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to mod…
- CVE-2022-29220 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-05-31
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the…
- CVE-2023-30544 | LOW | CVSS 3.9 | EG 3.9 | 2023-04-24
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with…
- CVE-2023-6068 | LOW | CVSS 3.1 | EG 3.1 | 2024-03-04
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port, resulting in some packets that should be denied being…
- CVE-2024-1853 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-03-14
Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.
- CVE-2024-27903 | CRITICAL | CVSS 9.8 | EG 7.2 | 2024-07-08
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
- CVE-2026-44562 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-15
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.models_import permission to overwrite any existing m…
- CVE-2026-44707 | MEDIUM | CVSS 6.8 | EG 6.8 | 2026-05-26
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, a…