CWE-453
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-453
- CVE-2021-27426 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-23
GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.
- CVE-2022-3262 | HIGH | CVSS 8.1 | EG 8.1 | 2022-12-08
A flaw was found in OpenShift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confid…
- CVE-2022-46831 | MEDIUM | CVSS 6.6 | EG 4.9 | 2022-12-08
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
- CVE-2022-47194 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-01-19
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allow privilege escala…
- CVE-2022-47195 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-01-19
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allow privilege escala…
- CVE-2022-47196 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-01-19
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allow privilege escala…
- CVE-2022-47197 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-01-19
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allow privilege escala…
- CVE-2023-27516 | HIGH | CVSS 7.3 | EG 7.3 | 2023-10-12
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to…
- CVE-2024-21411 | HIGH | CVSS 8.8 | EG 8.8 | 2024-03-12
Skype for Consumer Remote Code Execution Vulnerability
- CVE-2024-34734 | HIGH | CVSS 7.8 | EG 7.7 | 2024-08-15
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no addition…
- CVE-2024-39916 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-07-12
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export …
- CVE-2024-41255 | HIGH | CVSS 7.5 | EG 5.9 | 2024-07-31
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.
- CVE-2024-44096 | MEDIUM | CVSS 4.4 | EG 4.4 | 2024-09-13
There is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-49120 | HIGH | CVSS 8.1 | EG 8.1 | 2024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability