Skip to main content

CWE-794

Incomplete Filtering of Multiple Instances of Special Elements

4 CVEs Avg CVSS 8.2 MITRE
2
CRITICAL
1
HIGH
1
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-21876 CRITICAL POC PATCH Act Now

OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests. The rule's capture variables get overwritten when processing multiple parts, allowing SQL injection and other attacks to slip through. PoC available, patch available.

Information Disclosure Owasp Modsecurity Core Rule Set
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.3
EPSS
0.1%
CVE-2021-0203 HIGH This Week

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2020-1665 MEDIUM This Month

On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-0002 CRITICAL Act Now

On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
9.8
EPSS
2.4%
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests. The rule's capture variables get overwritten when processing multiple parts, allowing SQL injection and other attacks to slip through. PoC available, patch available.

Information Disclosure Owasp Modsecurity Core Rule Set
NVD GitHub VulDB Exploit-DB
EPSS 1% CVSS 8.6
HIGH This Week

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy