CWE-436

Total CVEs: 13
Critical: 3
High: 8
Avg CVSS: 8.0

Yearly Trend

2026: 2
2025: 3
2024: 4
2023: 3
2022: 1

Top Affected Vendors

1. Gitlab: 1
2. Gnu: 1
3. Huawei: 1
4. Traefik: 1
5. Gitea: 1
6. Goauthentik: 1
7. Digitalbazaar: 1
8. Codeigniter: 1
9. Dompdf Project: 1
10. Phpseclib: 1

All CWE-436 CVEs (13)

CVE-2023-24813 (CVSS 10.0, Feb 7, 2023)

CVE-2023-24813 is a critical vulnerability in Dompdf's SVG parsing that allows attackers to bypass URL restrictions and call arbitrary URLs with arbit...

CVE-2021-45327 (CVSS 9.8, Feb 8, 2022)

CVE-2021-45327 is a server-side request forgery (SSRF) vulnerability in Gitea's admin and user API endpoints that improperly trusts HTTP permission me...

CVE-2024-38428 (CVSS 9.1, Jun 16, 2024)

GNU Wget through version 1.24.5 incorrectly parses semicolons in the userinfo portion of URIs, potentially causing userinfo data to be misinterpreted ...

CVE-2023-39481 (CVSS 8.8, May 3, 2024)

This vulnerability allows authenticated remote attackers to execute arbitrary code as root on Softing Secure Integration Server installations. The fla...

CVE-2025-12816 (CVSS 8.6, Nov 25, 2025)

An interpretation conflict vulnerability in node-forge versions 1.3.1 and earlier allows attackers to craft malicious ASN.1 structures that desynchron...

CVE-2023-36456 (CVSS 8.3, Jul 6, 2023)

This vulnerability in authentik allows attackers to spoof IP addresses by manipulating X-Forwarded-For and X-Real-IP headers. It affects authentik dep...

CVE-2026-0958 (CVSS 7.5, Feb 11, 2026)

This vulnerability allows unauthenticated attackers to cause denial of service on GitLab instances by bypassing JSON validation middleware limits, lea...

CVE-2026-25223 (CVSS 7.5, Feb 3, 2026)

Fastify versions before 5.7.2 have a validation bypass vulnerability where attackers can circumvent request body validation by appending a tab charact...

CVE-2023-52892 (CVSS 7.5, Jun 27, 2024)

This vulnerability in phpseclib allows attackers to craft TLS certificates with special regex characters in Subject Alternative Name fields, potential...

CVE-2022-48471 (CVSS 7.5, Jun 16, 2023)

A misinterpretation of input vulnerability in Huawei printers allows attackers to send specially crafted input that causes the printer service to beco...

CVE-2024-28054 (CVSS 7.4, Mar 18, 2024)

This vulnerability in Amavis email filtering software allows attackers to bypass malware and banned file checks by crafting emails with multiple MIME ...

CVE-2025-66490 (CVSS 6.5, Dec 9, 2025)

Traefik reverse proxy versions prior to 2.11.32 and 3.6.3 have a path normalization bypass vulnerability. Attackers can use URL-encoded characters to ...

CVE-2025-24013 (CVSS 5.3, Jan 20, 2025)

CodeIgniter versions before 4.5.8 lack proper validation for HTTP header names and values, allowing attackers to craft malformed headers. This can dis...

About CWE-436

Our database tracks 13 CVEs classified as CWE-436, with 3 rated critical and 8 rated high severity. The average CVSS score for CWE-436 vulnerabilities is 8.0.

External reference: View CWE-436 on MITRE CWE →
