CVEs classified under CWE-350, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-1490 — CVSS 9.8 (critical): The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due…
CVE-2023-52235 — CVSS 8.8 (high): SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a…
CVE-2025-8036 — CVSS 8.1 (high): Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This…
CVE-2026-33002 — CVSS 7.5 (high): Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made…
CVE-2021-34561 — CVSS 7.5 (high): In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based…
CVE-2021-22884 — CVSS 7.5 (high): Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”…
CVE-2026-36604 — CVSS 6.5 (medium): Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An…
CVE-2026-28271 — CVSS 6.5 (medium): Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows…
CVE-2025-61430 — CVSS 6.5 (medium): Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server…
CVE-2020-11091 — CVSS 5.8 (medium): In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the…
CVE-2024-53275: Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of…
CVE-2026-6874 — CVSS 4.3 (medium): A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component…
CVE-2025-59163: vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack…
CVE-2026-12635 — CVSS 0.0 (none): GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1…