CVEs classified under CWE-130, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-2714 — CVSS 9.8 (critical): Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVE-2026-9054: An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
CVE-2022-1543 — CVSS 8.8 (high): Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service…
CVE-2026-3868: An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper…
CVE-2026-5367 — CVSS 8.6 (high): A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6)…
CVE-2022-20870 — CVSS 8.6 (high): A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst…
CVE-2026-33846 — CVSS 7.5 (high): A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in…
CVE-2026-31635 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check…
CVE-2025-30659 — CVSS 7.5 (high): An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on…
CVE-2024-53856 — CVSS 7.5 (high): rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data…
CVE-2024-41990 — CVSS 7.5 (high): An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a…
CVE-2024-39614 — CVSS 7.5 (high): An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential…
CVE-2024-38875 — CVSS 7.5 (high): An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of…
CVE-2023-33192 — CVSS 7.5 (high): ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the…
CVE-2023-28964 — CVSS 7.5 (high): An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and…
CVE-2022-41586 — CVSS 7.5 (high): The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may…
CVE-2022-3290 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-3272 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-0677 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in…
CVE-2021-43666 — CVSS 7.5 (high): A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's…
CVE-2022-0618 — CVSS 7.5 (high): A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2…
CVE-2022-24666 — CVSS 7.5 (high): A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2…
CVE-2021-20610 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-20588 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging…
CVE-2019-0055 — CVSS 7.5 (high): A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS)…
CVE-2026-41035 — CVSS 7.4 (high): In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free…
CVE-2023-5393 — CVSS 7.4 (high): Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code…
CVE-2024-35313 — CVSS 7.3 (high): In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004.
CVE-2021-38445 — CVSS 7.0 (high): OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may…
CVE-2025-8531 — CVSS 6.8 (medium): Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU…
CVE-2026-48685 — CVSS 6.5 (medium): FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the…
CVE-2026-5265 — CVSS 6.5 (medium): When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the…
CVE-2026-40199 — CVSS 6.5 (medium): Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes…
CVE-2025-48022 — CVSS 6.5 (medium): A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives…
CVE-2025-52949 — CVSS 6.5 (medium): An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and…
CVE-2024-20416 — CVSS 6.5 (medium): A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to…
CVE-2020-16224 — CVSS 6.5 (medium): In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or…
CVE-2025-26432 — CVSS 5.5 (medium): In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2026-6432: Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.