CWE-15: CWE-15
Yearly Trend
Top Affected Vendors
All CWE-15 CVEs (21)
This vulnerability in Cursor AI code editor allows attackers to execute shell built-ins without allowlist approval when the Cursor Agent runs in Auto-...
Jan 14, 2026This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of parisneo/lollms-webui. Attackers can by...
May 16, 2024This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by exploiting configuration injection in the...
Jan 14, 2025This vulnerability allows authenticated attackers to bypass permissions and inject malicious configuration into the FTP settings of Wavlink AC3000 rou...
Jan 14, 2025This vulnerability allows authenticated attackers to bypass permissions and inject configuration parameters in Wavlink AC3000 routers. Attackers can m...
Jan 14, 2025This vulnerability allows authenticated attackers to bypass permissions and inject configuration commands via the ftp_port parameter in Wavlink AC3000...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by exploiting configuration injection in the...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by sending specially crafted HTTP requests t...
Jan 14, 2025This vulnerability allows attackers to interact with the Windows registry through exposed API functions, enabling both reading of sensitive values and...
Oct 22, 2021The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to remote code execution when users open malicious repositories containing ...
Oct 31, 2023This vulnerability allows unprivileged database users in PostgreSQL to manipulate environment variables through PL/Perl, potentially leading to arbitr...
Nov 14, 2024The eBay API MCP Server is vulnerable to environment variable injection through the updateEnvFile function, which doesn't validate input for newlines ...
Feb 21, 2026This vulnerability in php-svg-lib allows attackers to perform PHAR deserialization attacks via malicious SVG files containing unsanitized href attribu...
Dec 12, 2023This vulnerability in ABB's Service Control allows attackers to access service restart requests and virtual machine configuration settings. It affects...
Dec 5, 2024This vulnerability allows authenticated attackers to modify validation variables in Teltonika RUT router firmware, enabling malicious parameters in th...
May 22, 2023This vulnerability in Bitdefender security products allows attackers to manipulate configuration settings to load unauthorized third-party libraries d...
Apr 1, 2024CVE-2021-31338 is an unauthenticated configuration modification vulnerability in Siemens SINEMA Remote Connect Client. Local attackers can exploit thi...
Aug 19, 2021This vulnerability in the HiView module allows attackers to compromise feature implementation and integrity. It affects Huawei devices running vulnera...
Dec 12, 2024This vulnerability in Taguette allows attackers to send password reset emails containing malicious links. If victims click these links, attackers can ...
Oct 20, 2025This vulnerability allows remote authenticated users in Liferay Portal/DXP to exfiltrate data to attacker-controlled servers during remote staging ope...
Sep 15, 2025This vulnerability allows cookie tossing attacks where an attacker controlling a subdomain can set the _gitpod_io_jwt2_ session cookie on the Gitpod c...
Jul 19, 2024About CWE-15 (CWE-15)
Our database tracks 21 CVEs classified as CWE-15, with 10 rated critical and 9 rated high severity. The average CVSS score for CWE-15 vulnerabilities is 8.3.
External reference: View CWE-15 on MITRE CWE →
Monitor CWE-15 Vulnerabilities
Get alerted when new CWE-15 CVEs affect your infrastructure.
Start Monitoring Free