CWE-914: Improper Control of Dynamically-Identified Variables
low-riskThe product does not properly restrict reading from or writing to dynamically-identified variables.
Abstraction: Base
Common Consequences
Integrity
→
Modify Application Data
Integrity
→
Execute Unauthorized Code or Commands
Other
→
Varies by Context
Real-World Examples (6)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-33175 | 9.1 | 0.6% | — |
| CVE-2024-24914 | 8.0 | 0.2% | — |
| CVE-2024-54198 | 8.5 | 0.2% | — |
| CVE-2025-14051 | 6.3 | 0.1% | — |
| CVE-2025-14085 | 6.3 | 0.1% | — |
| CVE-2026-35173 | 6.5 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal