CWE-394 is a common weakness enumeration in software security. This database tracks 8 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-394?

There are 8 CVE vulnerabilities classified as CWE-394 with an average CVSS score of 6.0714285714286.

What is the severity distribution for CWE-394?

CWE-394 contains 0 critical, 4 high, 3 medium, and 1 low severity vulnerabilities.

CWE-394

Total CVEs

Vulnerabilities

Avg CVSS v3

6.1

Medium

Avg CVSS v2

4.3

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 4

50%

Medium 3

37.5%

Low 1

12.5%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (8)

Page 1 of 1

CVE-2023-25948

HIGH

CVSS:7.5(High)

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

CWE-3942023

CVE-2019-0066

HIGH

CVSS:7.5(High)

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the...

CWE-3942019

CVE-2024-1713

HIGH

CVSS:7.2(High)

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.

CWE-3942024

CVE-2019-20924

MEDIUM

CVSS:6.5(Medium)

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server...

CWE-3942019

CVE-2018-20802

MEDIUM

CVSS:6.5(Medium)

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 ve...

CWE-3942018

CVE-2023-28975

MEDIUM

CVSS:4.6(Medium)

An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (D...

CWE-3942023

CVE-2023-48429

LOW

CVSS:2.7(Low)

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicio...

CWE-3942023

CVE-2025-23013

HIGH

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a Y...

CWE-3942025