CWE-807: CWE-807
Yearly Trend
Top Affected Vendors
All CWE-807 CVEs (19)
This vulnerability allows remote attackers to execute arbitrary code on oobabooga text-generation-webui installations without authentication. Attacker...
Nov 6, 2025This vulnerability allows remote attackers to execute arbitrary code on oobabooga text-generation-webui installations without authentication. Attacker...
Nov 6, 2025This vulnerability allows attackers to bypass IAM authentication in Conjur by manipulating AWS-signed headers to redirect validation requests to malic...
Jul 15, 2025This vulnerability in Lexmark Print Management Client allows attackers to bypass security decisions by providing malicious input. It affects organizat...
Feb 11, 2025This vulnerability in tpm2-tools allows attackers to manipulate TPM quote verification results by tampering with PCR input files. Attackers can make t...
Jun 28, 2024This vulnerability in Lucee CFML engine allows attackers who can place files on the server to bypass security protections and execute arbitrary code. ...
Apr 8, 2025This vulnerability in Zephyr RTOS Bluetooth stack allows attackers to bypass encryption procedures, potentially enabling unauthorized access to Blueto...
Sep 13, 2024This vulnerability in Sophos Firewall's Up2Date component allows attackers who control the firewall's DNS environment to achieve remote code execution...
Jul 21, 2025This vulnerability in openSUSE Build Service login proxy allows attackers to create fake login forms that capture user credentials in plain text and s...
Mar 9, 2022This vulnerability in Microsoft Office Word allows attackers to bypass local security features by manipulating untrusted inputs. It affects users runn...
Feb 10, 2026This vulnerability in Microsoft Office allows an attacker to bypass local security features by manipulating untrusted inputs. It affects users running...
Jan 26, 2026This CVE describes a local privilege escalation vulnerability in Palo Alto Networks GlobalProtect app on Windows. It allows a local user to execute pr...
Jun 14, 2023Cube semantic layer versions 0.27.19 through 1.5.12, 1.4.1 and earlier, and 1.0.13 and earlier contain an API token validation vulnerability that allo...
Feb 9, 2026This Windows Kerberos vulnerability allows authenticated attackers to elevate privileges over a network by exploiting reliance on untrusted inputs in ...
Jan 13, 2026This vulnerability allows authenticated attackers to bypass OTP verification in Aero's authentication system by intercepting and manipulating response...
Nov 4, 2024This vulnerability in TETRA authentication allows a man-in-the-middle attacker who can predict the MS challenge RAND2 to set the session key DCK to ze...
Oct 19, 2023This vulnerability in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally by exploiting re...
Oct 14, 2025This vulnerability allows attackers to poison web caches by manipulating the X-Forwarded-Host header in Ratpack applications. It enables redirect cach...
Jun 29, 2021This vulnerability allows unauthenticated attackers to bypass IP-based rate limiting in MyTube by spoofing the X-Forwarded-For header. This enables un...
Jan 19, 2026About CWE-807 (CWE-807)
Our database tracks 19 CVEs classified as CWE-807, with 5 rated critical and 13 rated high severity. The average CVSS score for CWE-807 vulnerabilities is 8.2.
External reference: View CWE-807 on MITRE CWE →
Monitor CWE-807 Vulnerabilities
Get alerted when new CWE-807 CVEs affect your infrastructure.
Start Monitoring Free