CWE-648

Total CVEs: 16
Critical: 6
High: 5
Avg CVSS: 7.9

Yearly Trend

2026: 2
2025: 5
2024: 4
2023: 3
2022: 2

Top Affected Vendors

1. Xwiki: 2 CVEs
2. Xorux: 2 CVEs
3. Dlink: 1 CVE
4. Progress: 1 CVE
5. Apache: 1 CVE
6. Cisco: 1 CVE
7. Navercorp: 1 CVE
8. Trudesk Project: 1 CVE
9. Eskom: 1 CVE
10. Yepas: 1 CVE

All CWE-648 CVEs (16)

CVE-2024-8785
9.8

This vulnerability allows remote unauthenticated attackers to modify registry values in WhatsUp Gold installations, potentially enabling system compro...

Dec 2, 2024
CVE-2024-11068
9.8

CVE-2024-11068 is a critical vulnerability in D-Link DSL6740C modems that allows unauthenticated remote attackers to change any user's password via AP...

Nov 11, 2024
CVE-2023-4972
9.8

This vulnerability in Yepas Digital Yepas involves incorrect use of privileged APIs, allowing attackers to collect data as provided by users. It affec...

Sep 14, 2023
CVE-2022-2023
9.8

This vulnerability involves incorrect use of privileged APIs in the trudesk help desk software, allowing attackers to execute arbitrary code with elev...

Jun 20, 2022
CVE-2024-37018
9.1

CVE-2024-37018 is a topology poisoning vulnerability in OpenDaylight SDN controllers that allows malicious applications to manipulate network discover...

May 31, 2024
CVE-2023-29507
9.1

This vulnerability in XWiki Commons allows attackers to manipulate document authorship through the Document script API, bypassing access controls. Thi...

Apr 16, 2023
CVE-2026-20126
8.8

This vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated local users with low privileges to escalate to root privileges through the RE...

Feb 25, 2026
CVE-2024-32008
7.8

A local privilege escalation vulnerability exists in Siemens Spectrum Power 4 due to an exposed debug interface on localhost. This allows any local us...

Nov 11, 2025
CVE-2023-6151
7.5

This vulnerability in ESKOM Computer's e-municipality module allows attackers to misuse privileged APIs to collect user-provided data. It affects all ...

Nov 28, 2023
CVE-2025-1161
7.1

This vulnerability allows attackers to escalate privileges by exploiting incorrect use of privileged APIs in NomySoft's Nomysem software. It affects a...

Dec 10, 2025
CVE-2022-24073
7.1

A vulnerability in Whale browser's Web Request API allowed malicious extensions to block access to the extension store or redirect users to arbitrary ...

Mar 17, 2022
CVE-2026-22922
6.5

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw where authenticated users with custom permissions limited to task access can...

Feb 9, 2026
CVE-2025-54767
6.5

An authenticated read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. This allows denial of se...

Jul 29, 2025
CVE-2024-46978
6.5

This vulnerability in XWiki Platform allows any authenticated user to manipulate another user's notification filter preferences by knowing the filter ...

Sep 18, 2024
CVE-2024-53007
6.4

This vulnerability allows authenticated users of Bentley Systems ProjectWise Integration Server to execute unintended SQL queries through API calls. T...

Jan 31, 2025
CVE-2025-54765
5.3

This vulnerability allows authenticated read-only users to access an administrative API endpoint for importing appliance configurations. Attackers can...

Jul 29, 2025

About CWE-648

Our database tracks 16 CVEs classified as CWE-648, with 6 rated critical and 5 rated high severity. The average CVSS score for CWE-648 vulnerabilities is 7.9.

External reference: View CWE-648 on MITRE CWE →
