CVEs classified under CWE-170, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2021-1418 — CVSS 9.9 (critical): Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker…
CVE-2021-1417 — CVSS 9.9 (critical): Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker…
CVE-2021-1411 — CVSS 9.9 (critical): Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker…
CVE-2026-5067 — CVSS 9.8 (critical): A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted…
CVE-2026-8721 — CVSS 9.8 (critical): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are…
CVE-2021-31886 — CVSS 9.8 (critical): A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC…
CVE-2021-31884 — CVSS 9.8 (critical): A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC…
CVE-2019-8275 — CVSS 9.8 (critical): UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being…
CVE-2021-31888 — CVSS 8.8 (high): A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC…
CVE-2021-31887 — CVSS 8.8 (high): A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC…
CVE-2024-45288 — CVSS 8.4 (high): A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
CVE-2024-31484 — CVSS 7.8 (high): A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central…
CVE-2025-67790 — CVSS 7.5 (high): An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause…
CVE-2023-24021 — CVSS 7.5 (high): Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer…
CVE-2022-47515 — CVSS 7.5 (high): An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long…
CVE-2026-42010 — CVSS 7.1 (high): A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames…
CVE-2025-2026: The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a…
CVE-2021-1120 — CVSS 7.0 (high): NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be…
CVE-2023-48674 — CVSS 6.8 (medium): Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could…
CVE-2024-31197 — CVSS 5.3 (medium): Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is…
CVE-2020-7066 — CVSS 5.3 (medium): In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL…
CVE-2025-66220 — CVSS 5.0 (medium): Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher…
CVE-2026-32837 — CVSS 4.0 (medium): miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV…
CVE-2026-12386 — CVSS 3.9 (low): Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers. This…
CVE-2019-11044 — CVSS 3.7 (low): In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte…
CVE-2026-40334 — CVSS 3.5 (low): libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in…
CVE-2026-23749 — CVSS 2.9 (low): Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null…
CVE-2026-2239 — CVSS 2.8 (low): A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted…