CVEs classified under CWE-127, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-10395 — CVSS 8.6 (high): No proper validation of the length of user input in http_server_get_content_type_from_extension.
CVE-2026-5928 — CVSS 7.5 (high): Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and…
CVE-2025-20359 — CVSS 6.5 (medium): Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to…
CVE-2025-32050 — CVSS 5.9 (medium): A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2026-45683 — CVSS 3.8 (low): OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS…