CWE-669

Total CVEs: 17
Critical: 3
High: 9
Avg CVSS: 7.4

Yearly Trend

2026: 2
2025: 8
2024: 2
2023: 2
2022: 2

Top Affected Vendors

1 Linux 1
2 Python 1
3 Samsung 1
4 Apache 1
5 Netapp 1
6 Huawei 1
7 Debian 1
8 Openclaw 1
9 Schneider Electric 1
10 Zauner 1

All CWE-669 CVEs (17)

CVE-2021-30120
9.9

This vulnerability allows attackers to bypass two-factor authentication (2FA) in Kaseya VSA by manipulating client-side authentication logic. Attacker...

Jul 9, 2021
CVE-2025-67895
9.8

This vulnerability allows authenticated DAG authors in Apache Airflow 2 to perform remote code execution in the webserver context via an improperly ex...

Dec 17, 2025
CVE-2023-31114
9.1

This vulnerability in Samsung Exynos modem chips allows a crafted application to improperly query SIM card status information. It affects devices usin...

Jun 7, 2023
CVE-2026-25253
8.8

OpenClaw (also known as clawdbot or Moltbot) versions before 2026.1.29 automatically establish WebSocket connections using gatewayUrl values from quer...

Feb 1, 2026
CVE-2021-45891
8.8

This vulnerability in Softwarebuero Zauner ARC 4.2.0.4 allows attackers to escalate privileges within the application because all permission checks ar...

Apr 5, 2022
CVE-2025-41645
8.6

An unauthenticated remote attacker can exploit a demo account in the portal to hijack devices that were mistakenly created in that account. This affec...

May 13, 2025
CVE-2025-34158
8.5

This vulnerability in Plex Media Server allows unauthorized access to server owner credentials and other accessible servers through API endpoints. It ...

Aug 21, 2025
CVE-2026-24708
8.2

This vulnerability in OpenStack Nova allows authenticated users to trigger unsafe image resize operations by writing malicious QCOW headers to root or...

Feb 18, 2026
CVE-2022-30236
8.2

This vulnerability allows attackers to perform cross-domain attacks that could lead to unauthorized access to Wiser Smart energy management systems. I...

Jun 2, 2022
CVE-2025-62775
8.0

Mercku M6a devices allow root TELNET logins using the web admin password, enabling attackers to gain full administrative control. This affects Mercku ...

Oct 22, 2025
CVE-2025-59363
7.7

This vulnerability in One Identity OneLogin exposes OIDC client secrets through the GET Apps API v2, which should only be accessible during initial ap...

Sep 14, 2025
CVE-2023-44100
7.5

This CVE describes a broadcast permission control vulnerability in Bluetooth modules that could allow unauthorized access to Bluetooth services. Succe...

Oct 11, 2023
CVE-2025-59378
5.7

This vulnerability in GNU Guix's guix-daemon allows local users to escalate privileges by writing a malicious content-addressed-mirrors file that crea...

Sep 15, 2025
CVE-2024-37891
4.4

urllib3's CVE-2024-37891 allows the Proxy-Authorization header to leak during cross-origin redirects when configured incorrectly without using urllib3...

Jun 17, 2024
CVE-2025-62292
4.3

This vulnerability allows authenticated low-privileged users in SonarQube to access sensitive user information intended only for administrators, inclu...

Oct 10, 2025
CVE-2024-42158
4.1

This CVE addresses a memory handling issue in the Linux kernel's s390/pkey module where sensitive cryptographic key material might not be properly cle...

Jul 30, 2024
CVE-2024-31573
4.0

XMLUnit for Java versions before 2.10.0, when using default configuration, may allow remote code execution via untrusted XSLT stylesheets. This occurs...

Oct 17, 2025

About CWE-669

Our database tracks 17 CVEs classified as CWE-669, with 3 rated critical and 9 rated high severity. The average CVSS score for CWE-669 vulnerabilities is 7.4.

External reference: View CWE-669 on MITRE CWE →
