CWE-226 is a common weakness enumeration in software security. This database tracks 12 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-226?

There are 12 CVE vulnerabilities classified as CWE-226 with an average CVSS score of 5.8583333333333.

What is the severity distribution for CWE-226?

CWE-226 contains 0 critical, 4 high, 6 medium, and 2 low severity vulnerabilities.

CWE-226

Total CVEs

Vulnerabilities

Avg CVSS v3

5.9

Medium

Avg CVSS v2

4.2

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 4

33.3%

Medium 6

50%

Low 2

16.7%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (12)

Page 1 of 1

CVE-2022-39393

HIGH

CVSS:8.6(High)

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused ...

CWE-2262022

CVE-2024-38275

HIGH

CVSS:7.5(High)

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CWE-2262024

CVE-2018-7166

HIGH

CVSS:7.5(High)

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or...

CWE-2262018

CVE-2023-41138

MEDIUM

CVSS:6.7(Medium)

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CWE-2262023

CVE-2024-32036

MEDIUM

CVSS:6.5(Medium)

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file...

CWE-2262024

CVE-2024-21850

HIGH

CVSS:6.0(Medium)

Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privile...

CWE-2262024

CVE-2025-48066

MEDIUM

CVSS:5.5(Medium)

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its l...

CWE-2262025

CVE-2023-3006

MEDIUM

CVSS:5.5(Medium)

A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malici...

CWE-2262023

CVE-2023-1637

MEDIUM

CVSS:5.5(Medium)

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CP...

CWE-2262023

CVE-2020-27218

MEDIUM

CVSS:4.8(Medium)

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients ...

CWE-2262020

CVE-2024-7883

LOW

CVSS:3.7(Low)

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns ...

CWE-2262024

CVE-2019-1573

LOW

CVSS:2.5(Low)

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to i...

CWE-2262019