CWE-424

Total CVEs: 11
Critical: 2
High: 5
Avg CVSS: 7.3
In CISA KEV: 1

Yearly Trend

2025: 7
2024: 2
2023: 2

Top Affected Vendors

1. Docker (2)
2. Gitea (1)
3. Vbulletin (1)
4. Yiiframework (1)
5. Hackmd (1)
6. Kioware (1)

All CWE-424 CVEs (11)

CVE-2025-48827
CVSS 10.0 | EPSS 73.8% | May 27, 2025

This vulnerability allows unauthenticated attackers to invoke protected API controller methods in vBulletin, potentially leading to remote code execut...

CVE-2024-58136
CVSS 9.0 | EPSS 67.1% | KEV | Apr 10, 2025

This CVE describes a security regression in Yii 2 framework where improper handling of behavior attachment via __class array keys can lead to remote c...

CVE-2023-52952
CVSS 8.5 | Oct 8, 2024

This vulnerability allows an unauthenticated local attacker to escape the restricted kiosk mode environment in HiMed Cockpit medical devices and gain ...

CVE-2025-68939
CVSS 8.2 | Dec 26, 2025

This vulnerability in Gitea allows attackers to bypass file extension restrictions by manipulating attachment names through the attachment API. Attack...

CVE-2024-3460
CVSS 7.4 | May 14, 2024

This vulnerability in KioWare for Windows allows attackers to bypass the kiosk software's restrictions during a brief time window before automatic log...

CVE-2023-5165
CVSS 7.1 | Sep 25, 2023

CVE-2023-5165 allows unprivileged users to bypass Enhanced Container Isolation (ECI) restrictions in Docker Desktop by accessing a debug shell during ...

CVE-2023-0629
CVSS 7.1 | Mar 13, 2023

This vulnerability allows unprivileged users on Docker Desktop to bypass Enhanced Container Isolation (ECI) restrictions by connecting to Docker's raw...

CVE-2025-49162
CVSS 6.4 | Jun 3, 2025

This vulnerability in Arris VIP1113 devices allows remote attackers to overwrite arbitrary files via TFTP by using specially crafted filenames contain...

CVE-2025-46654
CVSS 4.9 | Apr 26, 2025

CVE-2025-46654 is a cross-site scripting (XSS) vulnerability in CodiMD that allows attackers to bypass Content Security Policy (CSP) protections by up...

CVE-2025-58079
CVSS 4.3 | Oct 16, 2025

This vulnerability in desknet's NEO AppSuite allows attackers to create malicious applications through improper protection of alternate paths. It affe...

CVE-2025-4617
CVSS N/A | Nov 14, 2025

A local privilege bypass vulnerability in Palo Alto Networks Prisma Browser on Windows allows non-admin users to circumvent screenshot controls. This ...

About CWE-424

Our database tracks 11 CVEs classified as CWE-424, with 2 rated critical and 5 rated high severity. The average CVSS score for CWE-424 vulnerabilities is 7.3.

External reference: CWE-424 on MITRE CWE
