By weakness (CWE)
CWE-840: related vulnerabilities
CVEs classified under CWE-840. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-41973MEDIUM 5.9
CVE-2026-41973 is a permission control vulnerability affecting the calls functionality in an unspecified application. An attacker with local access to a system can exploit insufficient permission checks to read sensitive information, modify data, or disrupt service availability. The vulnerability requires no special privileges or user interaction to trigger, making it a concern for systems where local access controls are weak or where multiple users share the same machine.
- CVE-2026-11465LOW 3.1
A logic flaw exists in songquanpeng one-api versions up to 0.6.11-preview.7 that affects the redemption code top-up functionality. An authenticated attacker with specific knowledge of the system could bypass or manipulate the business logic governing how redemption codes are processed, potentially allowing unauthorized credit issuance or redemption manipulation. The attack is complex to execute and requires an active user account, making widespread exploitation unlikely in typical deployments.