CVEs classified under CWE-228, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2020-27847 — CVSS 9.8 (critical): A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw…
CVE-2026-20125 — CVSS 7.7 (high): A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote…
CVE-2026-42100 — CVSS 7.5 (high): Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by…
CVE-2026-34232 — CVSS 7.5 (high): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector()…
CVE-2025-0343 — CVSS 7.5 (high): Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library…
CVE-2024-21612 — CVSS 7.5 (high): An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos…
CVE-2021-38443 — CVSS 6.6 (medium): Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in…
CVE-2025-59174 — CVSS 6.5 (medium): Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially…
CVE-2026-25657 — CVSS 6.5 (medium): Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228)…
CVE-2024-22809 — CVSS 6.5 (medium): Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder…
CVE-2024-6382 — CVSS 6.4 (medium): Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause…
CVE-2024-55594 — CVSS 5.6 (medium): An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10…
CVE-2023-42784 — CVSS 5.6 (medium): An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10…
CVE-2024-53828 — CVSS 5.3 (medium): Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially…
CVE-2024-22815 — CVSS 5.3 (medium): An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of…
CVE-2025-2529 — CVSS 2.9 (low): Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache…
CVE-2025-47736 — CVSS 2.9 (low): dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.