CVEs classified under CWE-252, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-66565 — CVSS 9.8 (critical): Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random…
CVE-2021-38171 — CVSS 9.8 (critical): adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step…
CVE-2021-26955 — CVSS 9.8 (critical): An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::na…
CVE-1999-0199 — CVSS 9.8 (critical): manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion…
CVE-2019-15900 — CVSS 9.8 (critical): An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was…
CVE-2010-0211 — CVSS 9.8 (critical): The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which…
CVE-2007-3798 — CVSS 9.8 (critical): Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via…
CVE-2024-50306 — CVSS 9.1 (critical): Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from…
CVE-2022-25718 — CVSS 9.1 (critical): Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon…
CVE-2022-23806 — CVSS 9.1 (critical): Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int…
CVE-2024-38427 — CVSS 8.8 (high): In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in…
CVE-2021-26958 — CVSS 8.8 (high): An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type…
CVE-2019-15942 — CVSS 8.8 (high): FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in…
CVE-2021-40401 — CVSS 8.6 (high): A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit…
CVE-2022-23626 — CVSS 8.5 (high): m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been…
CVE-2023-47480 — CVSS 8.4 (high): An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.
CVE-2025-0028: An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address…
CVE-2026-11972: When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making…
CVE-2024-45419 — CVSS 8.1 (high): Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2020-17533 — CVSS 8.1 (high): Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions…
CVE-2023-40303 — CVSS 7.8 (high): GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp…
CVE-2017-0720 — CVSS 7.8 (high): A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0…
CVE-2017-6964 — CVSS 7.8 (high): dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid…
CVE-2005-4360 — CVSS 7.8 (high): The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute…
CVE-2021-32845 — CVSS 7.7 (high): HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the…
CVE-2023-41092 — CVSS 7.6 (high): Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated…
CVE-2026-40092 — CVSS 7.5 (high): nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer…
CVE-2026-40060 — CVSS 7.5 (high): When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to…
CVE-2026-34065 — CVSS 7.5 (high): nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0…
CVE-2026-31830 — CVSS 7.5 (high): sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3…
CVE-2026-28691 — CVSS 7.5 (high): ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an…
CVE-2026-21920 — CVSS 7.5 (high): An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated…
CVE-2025-62790 — CVSS 7.5 (high): Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state()…
CVE-2025-62789 — CVSS 7.5 (high): Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation…
CVE-2025-62785 — CVSS 7.5 (high): Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check…
CVE-2025-61935 — CVSS 7.5 (high): When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to…
CVE-2024-8110 — CVSS 7.5 (high): Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product…
CVE-2024-0743 — CVSS 7.5 (high): An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox <…
CVE-2023-25733 — CVSS 7.5 (high): The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer…
CVE-2023-24825 — CVSS 7.5 (high): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2022-43765 — CVSS 7.5 (high): B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a…
CVE-2022-43763 — CVSS 7.5 (high): Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL…
CVE-2022-23495 — CVSS 7.5 (high): go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may…
CVE-2022-23476 — CVSS 7.5 (high): Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return…
CVE-2022-22231 — CVSS 7.5 (high): An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows…
CVE-2022-40279 — CVSS 7.5 (high): An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packe…
CVE-2022-38936 — CVSS 7.5 (high): An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.
CVE-2022-1319 — CVSS 7.5 (high): A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse…
CVE-2022-31170 — CVSS 7.5 (high): OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting…
CVE-2022-31089 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types…