CVEs classified under CWE-172, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2019-10160 — CVSS 9.8 (critical): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions…
CVE-2018-3777 — CVSS 9.8 (critical): Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.
CVE-2016-6691 — CVSS 9.8 (critical): service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers…
CVE-2025-27110 — CVSS 7.5 (high): Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking…
CVE-2026-42926 — CVSS 5.8 (medium): When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker…
CVE-2018-7173 — CVSS 5.5 (medium): A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to…
CVE-2016-3829 — CVSS 5.5 (medium): The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote…
CVE-2016-3828 — CVSS 5.5 (medium): decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote…
CVE-2016-3827 — CVSS 5.5 (medium): codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows…
CVE-2019-10153 — CVSS 5.0 (medium): A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields…
CVE-2018-2415 — CVSS 4.7 (medium): SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine…
CVE-2018-7289 — CVSS 3.3 (low): An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16…
CVE-2021-33604 — CVSS 2.5 (low): URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0…
CVE-2024-48909 — CVSS 2.0 (low): SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior…