CVEs classified under CWE-248, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2018-11466 — CVSS 9.8 (critical): A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All…
CVE-2024-42037 — CVSS 9.3 (critical): Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service…
CVE-2025-53620: @builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the…
CVE-2026-46689: Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a…
CVE-2026-9509: An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to…
CVE-2025-9124: A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected…
CVE-2025-53366: The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a…
CVE-2025-53365: The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a…
CVE-2025-48997: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and…
CVE-2025-43855: tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before…
CVE-2025-24883: go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash…
CVE-2026-44001 — CVSS 8.6 (high): vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to…
CVE-2024-43357 — CVSS 8.6 (high): ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of…
CVE-2023-20086 — CVSS 8.6 (high): A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software…
CVE-2023-39945 — CVSS 8.2 (high): eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions…
CVE-2025-20176 — CVSS 7.7 (high): A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to…
CVE-2025-20173 — CVSS 7.7 (high): A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to…
CVE-2025-20172 — CVSS 7.7 (high): A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated…
CVE-2025-20171 — CVSS 7.7 (high): A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to…
CVE-2026-14181 — CVSS 7.5 (high): @fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request…
CVE-2026-50129 — CVSS 7.5 (high): Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by…
CVE-2026-46545 — CVSS 7.5 (high): Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a…
CVE-2026-44905 — CVSS 7.5 (high): Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was…
CVE-2026-43988 — CVSS 7.5 (high): Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was…
CVE-2026-37554 — CVSS 7.5 (high): An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists…
CVE-2026-34943 — CVSS 7.5 (high): Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen…
CVE-2026-24175 — CVSS 7.5 (high): NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header…
CVE-2026-34986 — CVSS 7.5 (high): Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web…
CVE-2026-34752 — CVSS 7.5 (high): Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker…
CVE-2026-33203 — CVSS 7.5 (high): SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated…
CVE-2026-32314 — CVSS 7.5 (high): Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can…
CVE-2026-2229 — CVSS 7.5 (high): ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits…
CVE-2026-1528 — CVSS 7.5 (high): ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows…
CVE-2026-31870 — CVSS 7.5 (high): cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the…
CVE-2026-1507 — CVSS 7.5 (high): The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI…
CVE-2026-25577 — CVSS 7.5 (high): Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Reque…
CVE-2025-59466 — CVSS 7.5 (high): We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when…
CVE-2025-12423 — CVSS 7.5 (high): Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-62370 — CVSS 7.5 (high): Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input…
CVE-2025-59538 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through…
CVE-2025-55557 — CVSS 7.5 (high): A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of…
CVE-2025-55553 — CVSS 7.5 (high): A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVE-2013-10065 — CVSS 7.5 (high): A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet…
CVE-2025-7338 — CVSS 7.5 (high): Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and…
CVE-2025-29785 — CVSS 7.5 (high): quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0…
CVE-2025-47944 — CVSS 7.5 (high): Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and…
CVE-2025-23166 — CVSS 7.5 (high): The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background…
CVE-2025-3891 — CVSS 7.5 (high): A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial…