CVEs classified under CWE-155, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2025-27515 — CVSS 9.8 (critical): Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted…
CVE-2025-4232 — CVSS 8.8 (high): An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS…
CVE-2025-11757: The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the…
CVE-2024-47791 — CVSS 7.5 (high): Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie…
CVE-2025-24376 — CVSS 6.5 (medium): kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design…
CVE-2024-6509 — CVSS 6.5 (medium): Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which…
CVE-2024-0055 — CVSS 6.5 (medium): Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for…
CVE-2024-0054 — CVSS 6.5 (medium): Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi…
CVE-2020-1772 — CVSS 6.5 (medium): It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s)…
CVE-2025-0681 — CVSS 6.2 (medium): The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive…
CVE-2025-0106 — CVSS 5.3 (medium): A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host…
CVE-2019-3802 — CVSS 5.3 (medium): This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.ST…
CVE-2024-8688 — CVSS 4.4 (medium): An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables…
CVE-2026-49482 — CVSS 4.3 (medium): ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of…