By weakness (CWE)

CWE-345: related vulnerabilities

CVEs classified under CWE-345. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2022-4992HIGH 8.6

    Dräger patient monitors—specifically the Infinity Acute Care System and Standalone M540 models—contain a flaw in how they handle network messages. An attacker on the network can send malicious or fake data to these devices without needing credentials, which could cause them to reboot, lose connectivity, or have their alarm settings altered. This is especially serious in clinical environments where patient monitoring continuity is critical.

  • CVE-2026-41577HIGH 7.5

    Authentik, an open-source identity provider, contains a flaw in how it processes SAML authentication assertions. The software fails to validate time-based and audience restrictions on these assertions, meaning an attacker could replay old, expired authentication tokens or use tokens intended for a different service. This could allow unauthorized access to systems relying on authentik for authentication.