CVEs classified under CWE-270, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-37912 — CVSS 9.9 (critical): XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6…
CVE-2024-11263 — CVSS 9.3 (critical): When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the…
CVE-2024-36513 — CVSS 8.2 (high): A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4…
CVE-2017-2663 — CVSS 8.2 (high): It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and…
CVE-2025-9408 — CVSS 8.1 (high): System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for…
CVE-2024-46975 — CVSS 7.9 (high): Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's…
CVE-2025-60721 — CVSS 7.8 (high): Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
CVE-2026-34853 — CVSS 7.7 (high): Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-55210 — CVSS 7.5 (high): FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api…
CVE-2024-12570 — CVSS 6.7 (medium): An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from…
CVE-2024-8641 — CVSS 6.7 (medium): An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from…
CVE-2025-26499 — CVSS 6.0 (medium): Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one…
CVE-2025-46406 — CVSS 5.6 (medium): A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one…
CVE-2024-47173 — CVSS 5.5 (medium): Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to…
CVE-2024-37294 — CVSS 5.5 (medium): Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024…
CVE-2024-51987 — CVSS 5.4 (medium): Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients…
CVE-2020-1719 — CVSS 5.4 (medium): A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The…
CVE-2025-49583 — CVSS 3.5 (low): XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRen…