CWE-420: CWE-420

Total CVEs: 16
Critical: 4
High: 7
Avg CVSS: 7.6
In CISA KEV: 1

Yearly Trend

2026: 2
2025: 9
2024: 2
2023: 3

Top Affected Vendors

Rank | Vendor | CVEs
1 | Crushftp | 1
2 | Huawei | 1
3 | Cisco | 1
4 | Rockwellautomation | 1
5 | Canonical | 1
6 | Bullwall | 1
7 | Lynxtechnology | 1
8 | Es | 1
9 | Mobyproject | 1
10 | Snapone | 1

All CWE-420 CVEs (16)

CVE-2023-20198
CVSS 10.0 | Oct 16, 2023

CVE-2023-20198 is a critical vulnerability in Cisco IOS XE Software web UI that allows unauthenticated attackers to gain initial access and create loc...

CVE-2025-52921
CVSS 9.9 | Jun 23, 2025

This vulnerability allows authenticated attackers to achieve remote code execution on Innoshop servers by bypassing file upload restrictions. Attacker...

CVE-2025-13315
CVSS 9.8 | EPSS 82.4% | Nov 19, 2025

CVE-2025-13315 is an authentication bypass vulnerability in Twonky Server that allows unauthenticated attackers to access the web service API and leak...

CVE-2025-54309
CVSS 9.0 | KEV | EPSS 62.1% | Jul 18, 2025

This vulnerability in CrushFTP allows remote attackers to bypass AS2 validation and gain administrative access via HTTPS when the DMZ proxy feature is...

CVE-2025-54351
CVSS 8.9 | Aug 3, 2025

CVE-2025-54351 is a buffer overflow vulnerability in iperf network performance testing tool when using the --skip-rx-copy flag. This allows attackers ...

CVE-2025-62001
CVSS 8.8 | Dec 18, 2025

This vulnerability in BullWall Ransomware Containment allows authenticated attackers to rename directories to match exclusion patterns, bypassing rans...

CVE-2023-31241
CVSS 8.6 | May 22, 2023

This vulnerability in Snap One OvrC cloud servers allows attackers to bypass security requirements and claim devices without authorization, potentiall...

CVE-2025-53967
CVSS 8.0 | Oct 8, 2025

CVE-2025-53967 is a critical remote code execution vulnerability in Framelink Figma MCP Server versions before 0.6.3. Unauthenticated attackers can ex...

CVE-2024-8038
CVSS 7.9 | Oct 2, 2024

This vulnerability allows local users within the same network namespace to access Juju's introspection abstract UNIX domain socket without authenticat...

CVE-2025-41727
CVSS 7.8 | Jan 27, 2026

This vulnerability allows a local low-privileged attacker to bypass authentication in the Device Manager user interface, enabling them to perform priv...

CVE-2023-28840
CVSS 7.5 | Apr 4, 2023

This vulnerability in Docker/Moby's Swarm Mode allows attackers to inject arbitrary Ethernet frames into encrypted overlay networks when administrator...

CVE-2023-52718
CVSS 6.4 | Dec 28, 2024

A connection hijacking vulnerability in certain Huawei home routers allows attackers to intercept or disrupt network connections. This affects users o...

CVE-2025-66432
CVSS 5.0 | Nov 30, 2025

This vulnerability allows API tokens in Oxide control plane to be renewed beyond their intended expiration date, potentially enabling unauthorized acc...

CVE-2025-62820
CVSS 4.9 | Oct 23, 2025

Slack Nebula versions before 1.9.7 incorrectly handle CIDR configurations, allowing arbitrary source IP addresses to be accepted within the Nebula net...

CVE-2022-28693
CVSS 4.7 | Feb 14, 2025

This vulnerability in certain Intel processors allows an authorized user with local access to potentially disclose sensitive information by exploiting...

CVE-2026-25916
CVSS 4.3 | Feb 9, 2026

Roundcube Webmail versions before 1.5.13 and 1.6 before 1.6.13 fail to block SVG feImage elements when 'Block remote images' is enabled, allowing atta...

About CWE-420 (CWE-420)

Our database tracks 16 CVEs classified as CWE-420, with 4 rated critical and 7 rated high severity. The average CVSS score for CWE-420 vulnerabilities is 7.6.

External reference: CWE-420 on MITRE CWE
