CWE-472: External Control of Assumed-Immutable Web Parameter

Summary statistics:
- Total CVEs: 25
- Critical: 7
- High: 8
- Average CVSS: 7.8
- In CISA KEV: 1

Yearly Trend

- 2026: 2
- 2025: 15
- 2024: 4
- 2021: 4

Top Affected Vendors

1. Google (4)
2. Cisco (4)
3. Craftcms (1)
4. Fortra (1)
5. Mintlify (1)
6. Ikm (1)
7. Optimizely (1)
8. Teampass (1)

All CWE-472 CVEs (25)

CVE-2025-43933 (CVSS 9.8; Jul 7, 2025)
This vulnerability in fblog allows attackers to take over user accounts by exploiting the password reset feature. Attackers can manipulate the Host HT...

CVE-2025-43930 (CVSS 9.8; Jul 7, 2025)
Hashview 0.8.1 contains a critical authentication bypass vulnerability in its password reset functionality. Attackers can take over any user account b...

CVE-2024-25153 (CVSS 9.8; Mar 13, 2024)
CVE-2024-25153 is a critical directory traversal vulnerability in FileCatalyst Workflow Web Portal's ftpservlet that allows unauthenticated attackers ...

CVE-2021-1289 (CVSS 9.8; Feb 4, 2021)
This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code as root on affected Cisco Small Business VPN routers. At...

CVE-2021-1291 (CVSS 9.8; Feb 4, 2021)
This vulnerability allows unauthenticated remote attackers to execute arbitrary code as root on affected Cisco Small Business VPN routers. It affects ...

CVE-2021-1293 (CVSS 9.8; Feb 4, 2021)
This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code as root on affected Cisco Small Business VPN routers. At...

CVE-2021-1295 (CVSS 9.8; Feb 4, 2021)
This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code as root on affected Cisco Small Business VPN routers. At...

CVE-2026-2649 (CVSS 8.8; Feb 18, 2026)
An integer overflow vulnerability in Chrome's V8 JavaScript engine allows remote attackers to trigger heap corruption via malicious HTML pages. This c...

CVE-2025-10891 (CVSS 8.8; Sep 24, 2025)
An integer overflow vulnerability in Chrome's V8 JavaScript engine allows remote attackers to trigger heap corruption via malicious HTML pages. This a...

CVE-2025-47817 (CVSS 8.8; May 10, 2025)
BlueWave Checkmate versions through 2.0.2 before commit b387eba contain an authorization vulnerability where profile edit requests can include a role ...

CVE-2025-0436 (CVSS 8.8; Jan 15, 2025)
This integer overflow vulnerability in Chrome's Skia graphics engine allows remote attackers to trigger heap corruption by luring users to malicious w...

CVE-2024-7025 (CVSS 8.8; Nov 27, 2024)
This integer overflow vulnerability in Chrome's layout engine allows remote attackers to trigger heap corruption by crafting malicious HTML pages. Suc...

CVE-2025-30236 (CVSS 8.6; Mar 19, 2025)
This vulnerability in Shearwater SecurEnvoy SecurAccess Enrol allows attackers to bypass password authentication by sending only a six-digit TOTP code...

CVE-2025-25382 (CVSS 7.5; Mar 10, 2025)
This vulnerability in the Information Kerala Mission SANCHAYA Property Tax Payment Portal allows attackers to modify payment amounts arbitrarily throu...

CVE-2025-22384 (CVSS 7.5; Jan 4, 2025)
This vulnerability allows attackers to purchase discontinued products by manipulating requests before they reach the server. It affects Optimizely Con...

CVE-2025-29788 (CVSS 6.5; Mar 17, 2025)
The Sylius PayPal Plugin vulnerability allows users to manipulate payment amounts by changing cart quantities after initiating PayPal checkout. PayPal...

CVE-2023-38520 (CVSS 6.5; Jun 4, 2024)
This vulnerability allows attackers to manipulate web parameters in the Pinpoint Booking System WordPress plugin, enabling functionality misuse such a...

CVE-2024-50703 (CVSS 5.4; Dec 30, 2024)
CVE-2024-50703 is an authorization bypass vulnerability in TeamPass password management software where a user can act with the privileges of a differe...

CVE-2025-35939 (CVSS 5.3; in CISA KEV; EPSS 20.8%; May 7, 2025)
CVE-2025-35939 is a session file injection vulnerability in Craft CMS where unauthenticated users can inject arbitrary content into server-side sessio...

CVE-2025-3743 (CVSS 5.3; Apr 25, 2025)
The Upsell Funnel Builder for WooCommerce WordPress plugin allows unauthenticated attackers to manipulate order bump products and discounts before pro...

CVE-2025-67846 (CVSS 4.9; Dec 19, 2025)
This vulnerability allows remote attackers to bypass security patches and execute downgrade attacks on Mintlify Platform deployments. Attackers can fo...

CVE-2025-54551 (CVSS 4.3; Aug 20, 2025)
Synapse Mobility contains a privilege escalation vulnerability where authenticated users can manipulate web parameters in search functions to access u...

CVE-2025-43002 (CVSS 4.3; May 13, 2025)
This vulnerability in SAP S4CORE allows authenticated attackers to access restricted information through OData meta-data properties due to missing aut...

CVE-2025-14750 (CVSS N/A; Jan 22, 2026)
This vulnerability allows low-privileged users to manipulate parameters that should be immutable, potentially escalating their privileges to account-l...

CVE-2025-66385 (CVSS N/A; Nov 28, 2025)
This vulnerability allows authenticated non-privileged users in Cerebrate to escalate their privileges by manipulating role_id or organisation_id fiel...

About CWE-472

Our database tracks 25 CVEs classified as CWE-472, with 7 rated critical and 8 rated high severity. The average CVSS score for CWE-472 vulnerabilities is 7.8.

External reference: CWE-472 on MITRE CWE
