CWE-349: CWE-349

This CVE describes a DNS cache poisoning vulnerability in BIND where the server accepts records too leniently from answers, allowing attackers to inje...

A cache-poisoning vulnerability in BIND 9's named resolver when configured with ECS (EDNS Client Subnet) options allows attackers to inject malicious ...

This vulnerability in Microsoft's UrlMon component allows attackers to bypass security features by mixing untrusted data with trusted data. It affects...

This vulnerability allows attackers to bypass security features in Microsoft Word through improper input validation. Attackers can exploit this over a...

This vulnerability allows attackers to poison CDN caches by sending crafted HTTP requests to Nuxt applications, causing JSON responses to be served to...

This vulnerability in EC-CUBE 4 series allows attackers with administrative privileges to install arbitrary PHP packages. If exploited, this could lea...

This vulnerability affects multiple Siemens industrial networking devices where improper validation of uploaded X509 certificates could allow attacker...

This vulnerability in check-jsonschema allows cache confusion attacks where an attacker can replace legitimate JSON schemas with malicious ones. Users...

This vulnerability in Windows BitLocker allows an attacker with physical access to bypass the encryption security feature by mixing untrusted data wit...

A vulnerability in NGINX OSS and NGINX Plus allows attackers in a man-in-the-middle position on the upstream server side to inject plain text data int...

This vulnerability in JetBrains IntelliJ IDEA allows attackers to trick users into opening untrusted remote projects over SSH without proper confirmat...

This vulnerability in aiosmtpd allows man-in-the-middle attackers to inject unencrypted SMTP commands after STARTTLS negotiation, which are then proce...