CVEs classified under CWE-115, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2020-27846 — CVSS 9.8 (critical): A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest…
CVE-2020-29511 — CVSS 9.8 (critical): The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization…
CVE-2020-29510 — CVSS 9.8 (critical): The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization…
CVE-2020-29509 — CVSS 9.8 (critical): The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization…
CVE-2025-5747 — CVSS 8.0 (high): WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows…
CVE-2025-32908 — CVSS 7.5 (high): A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and…
CVE-2024-11169 — CVSS 7.5 (high): An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an…
CVE-2018-12116 — CVSS 7.5 (high): Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized…
CVE-2025-68113 — CVSS 6.5 (medium): ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge…
CVE-2025-25069 — CVSS 6.5 (medium): A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP…
CVE-2023-32260 — CVSS 6.5 (medium): Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and…
CVE-2022-21672 — CVSS 6.5 (medium): make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior…
CVE-2025-5826 — CVSS 6.3 (medium): Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows…
CVE-2025-54584 — CVSS 5.7 (medium): GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an…
CVE-2026-12491 — CVSS 4.8 (medium): A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of…
CVE-2023-32228 — CVSS 4.6 (medium): A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last…
CVE-2025-22870 — CVSS 4.4 (medium): Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY…
CVE-2026-42004 — CVSS 3.7 (low): An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT…