CWE-158: CWE-158
Yearly Trend
Top Affected Vendors
All CWE-158 CVEs (8)
CVE-2025-47812 is a critical remote code execution vulnerability in Wing FTP Server that allows attackers to inject arbitrary Lua code via null byte h...
Jul 10, 2025The PhastPress WordPress plugin contains a critical vulnerability allowing unauthenticated attackers to read arbitrary files from the webroot via null...
Dec 23, 2025This vulnerability allows attackers to bypass Access Control Lists in Control-M/Agent by using specially crafted client certificates with NULL bytes i...
Sep 16, 2025This CVE describes multiple vulnerabilities in Cisco Expressway Series and TelePresence VCS that allow remote attackers to overwrite arbitrary files o...
Jul 6, 2022CVE-2023-5719 is a password handling vulnerability in Crimson 3.2 Windows configuration tool where passwords containing percent (%) characters get tru...
Nov 6, 2023This vulnerability allows unauthenticated attackers to read arbitrary files on DB Electronica Telecomunicazioni Mozart FM Transmitters by exploiting n...
Nov 26, 2025This vulnerability in Firefox and Thunderbird allows attackers to hide malicious code in web extensions by disguising it as other file types like imag...
Mar 4, 2025An authenticated MongoDB user can cause server crashes or read unauthorized memory contents by sending specially crafted requests with malformed BSON....
Nov 14, 2024About CWE-158 (CWE-158)
Our database tracks 8 CVEs classified as CWE-158, with 4 rated critical and 3 rated high severity. The average CVSS score for CWE-158 vulnerabilities is 8.5.
External reference: View CWE-158 on MITRE CWE →
Monitor CWE-158 Vulnerabilities
Get alerted when new CWE-158 CVEs affect your infrastructure.
Start Monitoring Free