CVEs classified under CWE-180, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-24895 — CVSS 9.8 (critical): FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode…
CVE-2026-48721 — CVSS 8.6 (high): Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command…
CVE-2026-45022 — CVSS 7.5 (high): go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git…
CVE-2026-39364 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be…
CVE-2026-42462 — CVSS 7.0 (high): Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18…
CVE-2025-43716 — CVSS 5.8 (medium): A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the…
CVE-2025-33194 — CVSS 5.7 (medium): NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A…
CVE-2026-34475 — CVSS 5.4 (medium): Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of /…
CVE-2026-39409 — CVSS 5.3 (medium): Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not…
CVE-2026-34786 — CVSS 5.3 (medium): Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several…
CVE-2024-28607 — CVSS 2.9 (low): The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as…