CVEs classified under CWE-1025, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-9800 — CVSS 8.1 (high): A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies…
CVE-2026-40880 — CVSS 8.1 (high): ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's…
CVE-2025-32464 — CVSS 6.8 (medium): HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling…
CVE-2026-40227 — CVSS 6.2 (medium): In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
CVE-2024-20342 — CVSS 5.8 (medium): Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an…
CVE-2025-2888 — CVSS 4.5 (medium): During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform…
CVE-2025-2887 — CVSS 4.5 (medium): During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from…
CVE-2025-27839 — CVSS 3.2 (low): operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation…