CWE-488: CWE-488

Total CVEs: 16
Critical: 2
High: 7
Avg CVSS: 6.9

Yearly Trend

2026: 2
2025: 7
2024: 7

Top Affected Vendors

1 Whisper.money 1
2 Deno 1
3 Openproject 1
4 Openwebui 1
5 Pgadmin 1
6 Element 1
7 Miateknoloji 1

All CWE-488 CVEs (16)

CVE-2025-47928 | CVSS 9.1 | May 15, 2025
This CVE describes a GitHub Actions workflow vulnerability in the Spotipy Python library where the pull_request_target event executes untrusted code f...

CVE-2024-27455 | CVSS 9.1 | Feb 26, 2024
The Bentley ALIM Web application exposes user session tokens during file download operations when specific configurations are present. This allows att...

CVE-2025-1247 | CVSS 8.3 | Feb 13, 2025
CVE-2025-1247 is a concurrency vulnerability in Quarkus REST where request parameters can leak between concurrent requests when endpoints use field in...

CVE-2023-1907 | CVSS 8.0 | Jan 9, 2025
This vulnerability in pgAdmin's LDAP authentication allows session confusion when multiple users attempt to log in simultaneously. Attackers could pot...

CVE-2025-30073 | CVSS 7.5 | Mar 26, 2025
This vulnerability in OPC cardsystems Webapp Aufwertung 2.1.0 allows transaction reference reuse, enabling attackers to load more money onto employee ...

CVE-2024-5148 | CVSS 7.5 | Sep 2, 2024
This vulnerability in gnome-remote-desktop allows unauthorized users on the system to access the RDP TLS certificate and key during the login screen t...

CVE-2024-6162 | CVSS 7.5 | Jun 20, 2024
CVE-2024-6162 is a race condition vulnerability in Undertow's AJP listener where URL-encoded request paths can be mishandled during concurrent request...

CVE-2023-6519 | CVSS 7.5 | Feb 8, 2024
CVE-2023-6519 is an exposure of sensitive data vulnerability in Mia Technology's MİA-MED software that allows attackers to read sensitive strings fro...

CVE-2024-27935 | CVSS 7.2 | Mar 21, 2024
This vulnerability in Deno's Node.js compatibility layer allows cross-session data contamination during simultaneous asynchronous reads from Node.js s...

CVE-2026-23646 | CVSS 6.5 | Jan 19, 2026
OpenProject versions before 16.6.5 and 17.0.1 contain a session management vulnerability where users can delete other users' active sessions. This all...

CVE-2025-2312 | CVSS 5.9 | Mar 25, 2025
A vulnerability in cifs-utils allows containerized environments to access the host's Kerberos credentials cache instead of the container's own namespa...

CVE-2025-24934 | CVSS 5.4 | Oct 22, 2025
This vulnerability allows spoofing attacks against applications using SO_REUSEPORT_LB sockets in FreeBSD. When a socket is connected to a specific hos...

CVE-2024-7049 | CVSS 5.4 | Oct 10, 2024
This vulnerability allows users with pending roles to obtain authentication tokens and perform unauthorized actions without admin approval. It affects...

CVE-2024-11094 | CVSS 5.3 | Nov 16, 2024
The 404 Solution WordPress plugin exposes sensitive redirect data including GET parameters through its export feature, allowing unauthenticated attack...

CVE-2025-27606 | CVSS 5.1 | Mar 14, 2025
Element Android up to version 1.6.32 fails to properly logout users after exceeding configured PIN attempt limits, allowing attackers with physical de...

CVE-2026-23844 | CVSS 4.3 | Jan 19, 2026
Whisper Money versions before 0.1.5 have an insecure direct object reference vulnerability that allows authenticated users to modify bank account bala...

About CWE-488 (CWE-488)

Our database tracks 16 CVEs classified as CWE-488, with 2 rated critical and 7 rated high severity. The average CVSS score for CWE-488 vulnerabilities is 6.9.
