CWE-668

Total CVEs: 83
Critical: 10
High: 67
Avg CVSS: 7.8

Yearly Trend

2026: 3
2025: 9
2024: 15
2023: 20
2022: 18

Top Affected Vendors

1. Linux: 11
2. SAP: 3
3. Huawei: 3
4. Google: 2
5. Schneider Electric: 2
6. Apache: 2
7. Wavlink: 2
8. Siemens: 2
9. Sick: 2
10. Juniper: 1

All CWE-668 CVEs (83)

CVE-2025-15114
9.8

This critical vulnerability in Ksenia Security Lares 4.0 Home Automation version 1.6 exposes the alarm system PIN in server responses after authentica...

Dec 30, 2025
CVE-2023-45911
9.8

This critical authentication bypass vulnerability in WIPOTEC GmbH ComScale allows unauthenticated attackers to log in as any user without requiring a ...

Oct 18, 2023
CVE-2022-24074
9.8

CVE-2022-24074 is a critical vulnerability in Whale Browser's default Whale Bridge extension that allows compromised rendering processes to send arbit...

Mar 17, 2022
CVE-2022-25643
9.8

CVE-2022-25643 is a privilege escalation vulnerability in seatd-launch (part of seatd 0.6.x) that allows local users to delete arbitrary files with ro...

Feb 24, 2022
CVE-2021-27236
9.8

This vulnerability in Mutare Voice (EVM) allows unauthenticated attackers to include local files via getfile.asp, which can be escalated to remote cod...

Feb 16, 2021
CVE-2025-25176
9.1

This vulnerability allows non-secure applications to exfiltrate intermediate register values from secure workloads, potentially exposing sensitive dat...

Jan 13, 2026
CVE-2022-27818
9.1

CVE-2022-27818 is a vulnerability in SWHKD 1.1.5 where the software unsafely uses the /tmp/swhkd.sock pathname, allowing local attackers to cause info...

Apr 7, 2022
CVE-2021-42640
9.1

CVE-2021-42640 is an Insecure Direct Object Reference (IDOR) vulnerability in PrinterLogic Web Stack that allows unauthenticated attackers to reassign...

Feb 2, 2022
CVE-2021-44523
9.1

This vulnerability allows unauthenticated remote attackers to read, modify, or delete activity feed entries in Siemens SiPass integrated and Siveillan...

Dec 14, 2021
CVE-2020-16263
9.1

Winston 1.5.4 devices have a misconfigured Cross-Origin Resource Sharing (CORS) policy that accepts requests from any origin, allowing attackers to ma...

Oct 28, 2020
CVE-2024-3019
8.8

A vulnerability in PCP's default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with R...

Mar 28, 2024
CVE-2023-27976
8.8

This vulnerability in EcoStruxure Control Expert allows remote code execution when authenticated users click malicious links. Attackers can exploit we...

Apr 18, 2023
CVE-2023-24523
8.8

This vulnerability allows authenticated non-admin users with local access to SAP Host Agent ports to execute arbitrary operating system commands with ...

Feb 14, 2023
CVE-2021-36710
8.8

CVE-2021-36710 is a privilege escalation vulnerability in ToaruOS where improper memory management allows userland processes to map kernel structures....

Jun 8, 2022
CVE-2022-23118
8.8

This vulnerability in Jenkins Debian Package Builder Plugin allows attackers who control Jenkins agent processes to execute arbitrary operating system...

Jan 12, 2022
CVE-2023-3270
8.6

CVE-2023-3270 is an information disclosure vulnerability in the SICK ICR890-4 industrial camera system, allowing unauthenticated remote attackers to a...

Jul 10, 2023
CVE-2020-11303
8.6

This vulnerability in Qualcomm Snapdragon chipsets allows information disclosure when devices accept AMSDU frames with mismatched destination and sour...

Oct 20, 2021
CVE-2021-21382
8.6

This vulnerability in restund TURN server allows attackers to relay traffic to localhost services by manipulating TURN channel requests. Attackers can...

Jun 11, 2021
CVE-2024-43704
8.4

This vulnerability allows non-privileged user processes to make improper GPU system calls to access the graphics buffers of parent processes. This aff...

Nov 18, 2024
CVE-2021-43066
8.4

This vulnerability in Fortinet FortiClient for Windows allows attackers to escalate privileges via the MSI installer by controlling file names or path...

May 11, 2022
CVE-2024-13484
8.2

This vulnerability in openshift-gitops-operator allows namespaces deploying ArgoCD CR instances to create rogue PrometheusRules that affect the entire...

Jan 28, 2025
CVE-2022-46756
8.2

This vulnerability allows a local high-privileged attacker to escape container isolation and execute arbitrary operating system commands on the underl...

Feb 1, 2023
CVE-2022-23835
8.1

This vulnerability in Android's Visual Voice Mail (VVM) application allows attackers with temporary control of an app having READ_SMS permission to st...

Feb 25, 2022
CVE-2024-21813
7.9

This vulnerability in some Intel DTT software installers allows authenticated local users to access resources they shouldn't, potentially enabling pri...

May 16, 2024
CVE-2023-38994
7.9

This vulnerability in Univention Corporate Server (UCS) monitoring scripts exposes the LDAP machine account password in plaintext in the process list....

Oct 31, 2023
CVE-2025-22069
7.8

A stack layout mismatch in the RISC-V architecture's ftrace implementation in the Linux kernel causes a kernel warning and potential instability when ...

Apr 16, 2025
CVE-2023-5751
7.8

This vulnerability allows a local attacker with low privileges to read and modify any user's files in the working directory of affected CODESYS produc...

Jun 4, 2024
CVE-2023-26243
7.8

This vulnerability in Hyundai's Gen5W_L in-vehicle infotainment system allows attackers to extract AES encryption keys from memory, enabling them to c...

Apr 27, 2023
CVE-2022-27772
7.8

Spring Boot versions before 2.2.11.RELEASE are vulnerable to temporary directory hijacking in the createTempDir method. This allows attackers to manip...

Mar 30, 2022
CVE-2021-42714
7.8

Splashtop Remote Client (Business Edition) creates temporary files with insecure permissions, allowing local attackers to write arbitrary files to sys...

Feb 15, 2022
CVE-2021-22385
7.8

This vulnerability in Huawei smartphones allows local attackers to manipulate system settings externally, potentially leading to kernel code execution...

Aug 10, 2021
CVE-2021-22420
7.8

This vulnerability in HarmonyOS allows local attackers to bypass the application trustlist mechanism by externally controlling system settings. Attack...

Aug 3, 2021
CVE-2021-33669
7.8

CVE-2021-33669 is an insecure temporary file vulnerability in SAP Mobile SDK Certificate Provider that allows local unprivileged attackers to exploit ...

Jun 9, 2021
CVE-2021-31154
7.8

CVE-2021-31154 is a local privilege escalation vulnerability in the 'please' command-line tool versions before 0.4. It uses predictable temporary file...

May 27, 2021
CVE-2024-22281
7.5

Apache Helix Front (UI) contains a hard-coded secret that allows attackers to forge authentication cookies and spoof user sessions. This affects all v...

Aug 20, 2024
CVE-2023-7204
7.5

The WP STAGING WordPress Backup plugin before version 3.2.0 allows unauthorized access to cache files during the cloning process. This vulnerability c...

Jan 29, 2024
CVE-2023-42716
7.5

CVE-2023-42716 is a missing permission check vulnerability in telephony services that could allow remote attackers to access sensitive information wit...

Dec 4, 2023
CVE-2022-46901
7.5

This vulnerability allows unauthenticated attackers to execute database operations and system tasks via a websocket interface in Vocera Report Server ...

Jul 25, 2023
CVE-2023-32759
7.5

This vulnerability in Archer Platform allows authenticated attackers to access sensitive information by crafting specific URLs. It affects Archer Plat...

Jul 14, 2023
CVE-2023-37599
7.5

This vulnerability in Issabel PBX allows remote attackers to access sensitive information through the modules directory without authentication. It aff...

Jul 13, 2023
CVE-2023-35696
7.5

Unauthenticated HTTP endpoints in SICK ICR890-4 industrial cameras allow remote attackers to retrieve sensitive device information without credentials...

Jul 10, 2023
CVE-2023-31103
7.5

This vulnerability allows attackers to modify the immutable name and type of clusters in Apache InLong, potentially enabling unauthorized configuratio...

May 22, 2023
CVE-2023-26588
7.5

This CVE describes a hard-coded credentials vulnerability in multiple Buffalo network switch models that allows attackers to access debug functions. A...

Apr 11, 2023
CVE-2023-22892
7.5

CVE-2023-22892 is an information disclosure vulnerability in SmartBear Zephyr Enterprise that allows unauthenticated attackers to read arbitrary files...

Mar 8, 2023
CVE-2022-44310
7.5

This vulnerability in Development IL ecdh library allows attackers to send invalid elliptic curve points as public keys and derive the shared secret. ...

Feb 24, 2023
CVE-2023-26081
7.5

This vulnerability in Epiphany (GNOME Web browser) allows malicious websites to trick users into exfiltrating saved passwords. The browser's autofill ...

Feb 20, 2023
CVE-2022-34047
7.5

This vulnerability allows unauthenticated attackers to access sensitive configuration files on Wavlink WN530HG4 routers, exposing administrator userna...

Jul 20, 2022
CVE-2022-32249
7.5

This vulnerability in SAP Business One integration with SAP HANA allows attackers to access HANA cockpit's data volume containing sensitive informatio...

Jul 12, 2022
CVE-2020-25459
7.5

This vulnerability in WeBank FATE's hetero_decision_tree_guest.py allows attackers to read sensitive information during federated machine learning tra...

Jun 16, 2022
CVE-2022-31846
7.5

This vulnerability in WAVLINK WN535 G3 routers allows attackers to execute commands via the live_mfg.shtml endpoint, potentially exposing sensitive ro...

Jun 14, 2022

About CWE-668

Our database tracks 83 CVEs classified as CWE-668, with 10 rated critical and 67 rated high severity. The average CVSS score for CWE-668 vulnerabilities is 7.8.
