CWE-155 is a common weakness enumeration in software security. This database tracks 11 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-155?

There are 11 CVE vulnerabilities classified as CWE-155 with an average CVSS score of 5.8777777777778.

What is the severity distribution for CWE-155?

CWE-155 contains 0 critical, 2 high, 8 medium, and 1 low severity vulnerabilities.

CWE-155

Total CVEs

Vulnerabilities

Avg CVSS v3

5.9

Medium

Avg CVSS v2

5.0

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 2

18.2%

Medium 8

72.7%

Low 1

9.1%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (11)

Page 1 of 1

CVE-2020-1772

HIGH

CVSS:7.5(High)

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue ...

CWE-1552020

CVE-2025-24376

MEDIUM

CVSS:6.5(Medium)

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced...

CWE-1552025

CVE-2024-6509

MEDIUM

CVSS:6.5(Medium)

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has r...

CWE-1552024

CVE-2024-0055

MEDIUM

CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. ...

CWE-1552024

CVE-2024-0054

MEDIUM

CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resour...

CWE-1552024

CVE-2025-0681

MEDIUM

CVSS:6.2(Medium)

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

CWE-1552025

CVE-2024-47791

HIGH

CVSS:5.3(Medium)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and f...

CWE-1552024

CVE-2024-8688

MEDIUM

CVSS:4.4(Medium)

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) wit...

CWE-1552024

CVE-2019-3802

LOW

CVSS:3.5(Low)

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatche...

CWE-1552019

CVE-2025-27515

MEDIUM

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rul...

CWE-1552025

CVE-2025-0106

MEDIUM

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

CWE-1552025