CWE-636
13 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-636
- CVE-2021-1578 | HIGH | CVSS 8.8 | EG 8.8 | 2021-08-25
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges t…
- CVE-2021-3614 | MEDIUM | CVSS 6.4 | EG 6.4 | 2021-07-16
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
- CVE-2023-22943 | MEDIUM | CVSS 4.8 | EG 5.3 | 2023-02-14
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connec…
- CVE-2023-28840 | HIGH | CVSS 7.5 | EG 7.5 | 2023-04-04
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as mob…
- CVE-2023-28841 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-04-04
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as mob…
- CVE-2023-28842 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-04-04
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as mo…
- CVE-2023-4030 | HIGH | CVSS 8.4 | EG 8.4 | 2023-08-17
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
- CVE-2024-2660 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-04-04
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is…
- CVE-2024-3729 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-02
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated a…
- CVE-2024-43532 | HIGH | CVSS 8.8 | EG 8.8 | 2024-10-08
Remote Registry Service Elevation of Privilege Vulnerability
- CVE-2024-8185 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-31
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint. An attacker may …
- CVE-2026-42246 | HIGH | CVSS 7.4 | EG 7.4 | 2026-05-09
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without sta…
- CVE-2026-45781 | LOW | CVSS 3.5 | EG 3.5 | 2026-05-14
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated pu…