CWE-470: CWE-470
All CWE-470 CVEs (20)
This vulnerability in Barracuda Service Center allows attackers to execute arbitrary code remotely by exploiting insecure reflection in WSDL service n...
Dec 10, 2025

This vulnerability allows attackers to poison the cache in Sitecore Experience Manager/Platform by exploiting unsafe reflection. Attackers can potenti...
Sep 3, 2025

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on affected Mitsubishi Electric industrial control software by ex...
Jan 30, 2024

This vulnerability in Apache Kylin allows remote attackers to execute arbitrary code by exploiting unsafe reflection through Class.forName() with user...
Jan 6, 2022

This vulnerability allows remote attackers to execute arbitrary code on pig-mesh Pig servers by exploiting a reflection-based class execution flaw in ...
Nov 7, 2025

This vulnerability in Yii2's Component class allows attackers to instantiate arbitrary classes and call their methods by manipulating behavior assignm...
Mar 20, 2025

This vulnerability allows remote attackers to execute arbitrary code on Progress Telerik Report Server by exploiting insecure type resolution through ...
Oct 9, 2024

This vulnerability allows authenticated users in SailPoint IdentityIQ to invoke arbitrary Java constructors via unsafe reflection, potentially executi...
Jun 5, 2023

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Progress Telerik Reporting. Attackers c...
Oct 9, 2024

The Addressing GLPI plugin versions 3.0.0 through 3.0.2 contain an information disclosure vulnerability that allows unauthenticated attackers to deter...
Dec 26, 2024

This vulnerability in AWS Wrappers for Amazon Aurora PostgreSQL allows low-privilege authenticated database users to escalate privileges to the rds_su...
Nov 10, 2025

A high-severity vulnerability in Genetec Security Center's Web SDK role allows attackers to execute arbitrary code on affected systems. This affects o...
Nov 5, 2024

CVE-2022-30287 is a reflection injection vulnerability in Horde Groupware Webmail Edition that allows attackers to instantiate driver classes and achi...
Jul 28, 2022

An unsafe reflection vulnerability in Progress Telerik UI for AJAX allows attackers to cause unhandled exceptions that crash the hosting process, resu...
May 14, 2025

CVE-2020-7857 is a remote code execution vulnerability in Tobesoft XPlatform that allows unauthenticated attackers to execute arbitrary commands by ex...
Apr 20, 2021

This is a Remote Code Execution vulnerability in Craft CMS that allows authenticated administrators to execute arbitrary system commands on the server...
Feb 9, 2026

This vulnerability allows authenticated remote code execution in Craft CMS when an attacker with administrator access uploads a malicious Behavior att...
Jan 5, 2026

An unsafe reflection vulnerability in GitHub Enterprise Server allows authenticated organization owners to execute arbitrary methods, potentially lead...
Jan 16, 2024

This vulnerability allows a local attacker to execute arbitrary code with administrative privileges by tampering with an unprotected file in Mitsubish...
Jul 4, 2024

Astro web framework versions before 5.14.2 reflect unvalidated X-Forwarded-Host header values in Astro.url output, allowing attackers to manipulate UR...
Oct 10, 2025

About CWE-470 (CWE-470)
Our database tracks 20 CVEs classified as CWE-470, with 8 rated critical and 10 rated high severity. The average CVSS score for CWE-470 vulnerabilities is 8.3.
External reference: View CWE-470 on MITRE CWE →