CWE-791 is a common weakness enumeration in software security. This database tracks 13 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-791?

There are 13 CVE vulnerabilities classified as CWE-791 with an average CVSS score of 6.0666666666667.

What is the severity distribution for CWE-791?

CWE-791 contains 0 critical, 5 high, 8 medium, and 0 low severity vulnerabilities.

CWE-791

Total CVEs

Vulnerabilities

Avg CVSS v3

6.1

Medium

Avg CVSS v2

4.9

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 5

38.5%

Medium 8

61.5%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (13)

Page 1 of 1

CVE-2024-47590

HIGH

CVSS:8.8(High)

An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page...

CWE-7912024

CVE-2022-2132

HIGH

CVSS:8.6(High)

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

CWE-7912022

CVE-2024-39283

HIGH

CVSS:7.8(High)

Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access...

CWE-7912024

CVE-2023-31172

HIGH

CVSS:7.4(High)

An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be ...

CWE-7912023

CVE-2025-5325

MEDIUM

CVSS:6.3(Medium)

A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the f...

CWE-7912025

CVE-2025-2040

MEDIUM

CVSS:6.3(Medium)

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulat...

CWE-7912025

CVE-2023-1076

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devic...

CWE-7912023

CVE-2020-36827

MEDIUM

CVSS:5.4(Medium)

The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

CWE-7912020

CVE-2025-0716

MEDIUM

CVSS:4.8(Medium)

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form...

CWE-7912025

CVE-2024-8373

MEDIUM

CVSS:4.3(Medium)

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Conten...

CWE-7912024

CVE-2024-32162

MEDIUM

CVSS:4.3(Medium)

CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.

CWE-7912024

CVE-2025-3841

MEDIUM

CVSS:3.3(Low)

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Ji...

CWE-7912025

CVE-2024-45481

HIGH

An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user.

CWE-7912024