CWE-86 is a common weakness enumeration in software security. This database tracks 8 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-86?

There are 8 CVE vulnerabilities classified as CWE-86 with an average CVSS score of 6.325.

What is the severity distribution for CWE-86?

CWE-86 contains 1 critical, 2 high, 5 medium, and 0 low severity vulnerabilities.

CWE-86

Total CVEs

Vulnerabilities

Avg CVSS v3

6.3

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 1

12.5%

High 2

25%

Medium 5

62.5%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (8)

Page 1 of 1

CVE-2023-31126

CRITICAL

CVSS:9.6(Critical)

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code an...

CWE-862023

CVE-2024-21864

HIGH

CVSS:7.8(High)

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacen...

CWE-862024

CVE-2021-33158

HIGH

CVSS:7.2(High)

Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via lo...

CWE-862021

CVE-2023-22840

MEDIUM

CVSS:5.5(Medium)

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.

CWE-862023

CVE-2025-20168

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga...

CWE-862025

CVE-2025-20167

MEDIUM

CVSS:5.4(Medium)

CWE-862025

CVE-2025-20166

MEDIUM

CVSS:5.4(Medium)

CWE-862025

CVE-2024-10941

MEDIUM

CVSS:4.3(Medium)

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

CWE-862024