CVEs classified under CWE-118, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2016-10495 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type…
CVE-2015-9142 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400…
CVE-2015-2004 — CVSS 9.8 (critical): The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize…
CVE-2015-2003 — CVSS 9.8 (critical): The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method…
CVE-2015-2002 — CVSS 9.8 (critical): The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in…
CVE-2015-2001 — CVSS 9.8 (critical): The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable…
CVE-2015-2000 — CVSS 9.8 (critical): The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable…
CVE-2014-9411 — CVSS 9.8 (critical): In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially…
CVE-2023-37923 — CVSS 7.8 (high): Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file…
CVE-2023-37922 — CVSS 7.8 (high): Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file…
CVE-2023-37921 — CVSS 7.8 (high): Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file…
CVE-2018-7530 — CVSS 7.8 (high): Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and…
CVE-2017-5884 — CVSS 7.8 (high): gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary…
CVE-2020-3369 — CVSS 7.5 (high): A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to…
CVE-2025-48902 — CVSS 6.6 (medium): Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may…
CVE-2017-10872 — CVSS 6.5 (medium): H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
CVE-2019-6130 — CVSS 5.5 (medium): Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to…
CVE-2025-54628 — CVSS 5.3 (medium): Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may…
CVE-2017-0302 — CVSS 5.3 (medium): In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be…