CVEs classified under CWE-123, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2025-69809 — CVSS 9.8 (critical): A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling…
CVE-2022-38143 — CVSS 9.8 (critical): A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp…
CVE-2021-38449 — CVSS 9.8 (critical): Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker…
CVE-2015-8271 — CVSS 9.8 (critical): The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.
CVE-2026-43284 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES…
CVE-2025-9900 — CVSS 8.8 (high): A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted…
CVE-2022-41757 — CVSS 8.8 (high): An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain…
CVE-2020-7560 — CVSS 8.6 (high): A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of…
CVE-2025-33045 — CVSS 8.2 (high): APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive…
CVE-2024-36877 — CVSS 8.2 (high): Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware…
CVE-2022-35408 — CVSS 8.2 (high): An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in…
CVE-2024-2607 — CVSS 8.1 (high): Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A…
CVE-2021-42540 — CVSS 8.0 (high): The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic…
CVE-2026-45257 — CVSS 7.8 (high): The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This…
CVE-2026-46323 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy…
CVE-2026-41952 — CVSS 7.8 (high): Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before…
CVE-2024-45142 — CVSS 7.8 (high): Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to…
CVE-2021-45465 — CVSS 7.8 (high): A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied…
CVE-2018-3971 — CVSS 7.8 (high): An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A…
CVE-2018-16962 — CVSS 7.8 (high): Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.
CVE-2017-6282 — CVSS 7.8 (high): NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary…
CVE-2025-7403 — CVSS 7.6 (high): Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are…
CVE-2025-55298 — CVSS 7.5 (high): ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and…
CVE-2017-10994 — CVSS 7.3 (high): Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute…
CVE-2021-1520 — CVSS 6.7 (medium): A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an…
CVE-2018-15376 — CVSS 6.7 (medium): A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could…
CVE-2018-15375 — CVSS 6.7 (medium): A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could…
CVE-2022-37904 — CVSS 6.6 (medium): Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot…
CVE-2021-38441 — CVSS 6.6 (medium): Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary…
CVE-2025-14857: An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory…
CVE-2021-1390 — CVSS 5.1 (medium): A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute…
CVE-2025-29943: Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline…
CVE-2021-36057 — CVSS 3.3 (low): XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's…