Weaknesses of type CWE-346

379 results
CVE-2025-69260 [HIGH] A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition (EPSS 1.4%)
CVE-2025-69259 [HIGH] A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service (EPSS 1.4%)
CVE-2023-28349 [HIGH] An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions (EPSS 1.2%)
CVE-2023-33740 [HIGH] Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify paramete (EPSS 1.2%)
CVE-2021-20199 Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts c (EPSS 1.1%)
CVE-2023-29868 [MEDIUM] Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perfo (EPSS 1.0%)
CVE-2023-2445 [MEDIUM] Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator p (EPSS 1.0%)
CVE-2023-46715 [MEDIUM] An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below al (EPSS 0.9%)
CVE-2019-11777 In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the res (EPSS 0.8%)
CVE-2009-4139 [MEDIUM] Spacewalk-java: spacewalk: red hat network satellite: spacewalk java: privilege escalation via cross-site request forgery (EPSS 0.8%)
CVE-2024-2182 [MEDIUM] Ovn: insufficient validation of bfd packets may lead to denial of service (EPSS 0.8%)
CVE-2018-5400 [CRITICAL] The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error (EPSS 0.7%)
CVE-2020-11069 [HIGH] Cross-Site Request Forgery in TYPO3 CMS (EPSS 0.7%)
CVE-2024-25124 [CRITICAL] Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials (EPSS 0.7%)
CVE-2023-5858 [MEDIUM] Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI (EPSS 0.6%)
CVE-2018-10591 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prio (EPSS 0.6%)
CVE-2024-44187 [MEDIUM] A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in S (EPSS 0.6%)
CVE-2020-14519 This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including V (EPSS 0.6%)
CVE-2023-22899 [MEDIUM] Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. (EPSS 0.6%)
CVE-2022-22637 [HIGH] A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 a (EPSS 0.6%)