CVEs classified under CWE-1289, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2026-39821 — CVSS 9.6 (critical): The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example…
CVE-2026-50090 — CVSS 9.3 (critical): The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to lax controls on…
CVE-2024-42219 — CVSS 7.8 (high): 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is…
CVE-2026-49942 — CVSS 7.3 (high): Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode…
CVE-2024-45179 — CVSS 7.2 (high): An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web…
CVE-2026-39972: Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache…
CVE-2026-49940 — CVSS 6.5 (medium): Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One…
CVE-2026-45191 — CVSS 6.5 (medium): Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP…
CVE-2026-45190 — CVSS 6.5 (medium): Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass…
CVE-2024-45308 — CVSS 6.5 (medium): HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is…
CVE-2026-34080 — CVSS 5.5 (medium): xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop…
CVE-2026-3563 — CVSS 5.5 (medium): Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with…
CVE-2026-22569 — CVSS 5.4 (medium): An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from…
CVE-2026-27610 — CVSS 5.3 (medium): Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the…
CVE-2024-8372 — CVSS 4.8 (medium): Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions…
CVE-2024-42218 — CVSS 4.7 (medium): 1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
CVE-2026-1094 — CVSS 4.6 (medium): GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated…