CVEbaza.plCWE DictionaryCWE-1038
Common Weakness Enumeration

CWE-1038

Insecure Automated Optimizations

Category: ClassCVE: 6
Description

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

CVE vulnerabilities with CWE-1038 (6)
8.1
CVSS
HIGH
CVE-2025-48877

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.

pub. 2025-06-09
7.9
CVSS
HIGH
CVE-2022-26861

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.

pub. 2022-09-06
4.9
CVSS
MEDIUM
CVE-2023-52969

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

pub. 2025-03-08
4.9
CVSS
MEDIUM
CVE-2023-52970

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

pub. 2025-03-08
4.9
CVSS
MEDIUM
CVE-2023-52971

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.

pub. 2025-03-08
3.0
CVSS
LOW
CVE-2022-31220

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

pub. 2022-09-12
Information
ID: CWE-1038
Type: Class
Vulnerabilities: 6
MITRE CWE ↗
← CWE Dictionary