CVEs classified under CWE-1288, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-31709 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl…
CVE-2022-50976 — CVSS 7.7 (high): A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
CVE-2024-39515 — CVSS 7.5 (high): An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and…
CVE-2024-31136 — CVSS 7.4 (high): In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
CVE-2023-32701 — CVSS 7.1 (high): Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause…
CVE-2024-12093 — CVSS 6.8 (medium): An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1…
CVE-2024-8305 — CVSS 6.5 (medium): prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases…
CVE-2024-5953 — CVSS 5.7 (medium): A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server…
CVE-2025-10929 — CVSS 5.3 (medium): Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled…
CVE-2023-1620 — CVSS 4.9 (medium): Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a…
CVE-2023-1619 — CVSS 4.9 (medium): Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a…
CVE-2026-14781 — CVSS 4.8 (medium): A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC…
CVE-2025-2885 — CVSS 4.5 (medium): Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of…
CVE-2026-9689 — CVSS 4.2 (medium): A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept…
CVE-2024-31140 — CVSS 4.1 (medium): In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools