Weaknesses of type CWE-840
87 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2021-22926 | HIGH | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` optio | 9.8% |
| CVE-2022-32208 | MEDIUM | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a M | 5.6% |
| CVE-2022-32207 | CRITICAL | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a ren | 5.5% |
| CVE-2021-22922 | MEDIUM | When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML | 4.3% |
| CVE-2021-22897 | MEDIUM | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST w | 3.0% |
| CVE-2022-27782 | HIGH | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. | 2.6% |
| CVE-2020-8228 | — | A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | 1.9% |
| CVE-2019-15608 | — | The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cac | 1.8% |
| CVE-2021-36012 | MEDIUM | Magento Commerce Gift Card Business Logic Error | 1.7% |
| CVE-2022-0524 | MEDIUM | Business Logic Errors in publify/publify | 1.5% |
| CVE-2021-4171 | HIGH | Business Logic Errors in janeczku/calibre-web | 1.4% |
| CVE-2022-0935 | HIGH | Host Header injection in password Reset in livehelperchat/livehelperchat | 1.3% |
| CVE-2019-3787 | HIGH | UAA defaults email address to an insecure domain | 1.1% |
| CVE-2022-0689 | MEDIUM | Use multiple time the one-time coupon in microweber/microweber | 1.0% |
| CVE-2022-1155 | HIGH | Old sessions are not blocked by the login enable function in snipe/snipe-it | 1.0% |
| CVE-2022-4719 | MEDIUM | Business Logic Errors in ikus060/rdiffweb | 1.0% |
| CVE-2022-1848 | CRITICAL | Business Logic Errors in erudika/para | 1.0% |
| CVE-2022-0514 | MEDIUM | Business Logic Errors in crater-invoice/crater | 0.9% |
| CVE-2022-0688 | CRITICAL | Business Logic Errors in microweber/microweber | 0.9% |
| CVE-2022-0746 | MEDIUM | Business Logic Errors in dolibarr/dolibarr | 0.9% |