CVEs classified under CWE-353, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2026-7574 — CVSS 8.7 (high): Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and…
CVE-2024-46917 — CVSS 8.1 (high): Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity…
CVE-2021-28545 — CVSS 8.1 (high): Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing…
CVE-2024-27817 — CVSS 7.8 (high): The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey…
CVE-2023-32475 — CVSS 7.6 (high): Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially…
CVE-2026-48995 — CVSS 7.5 (high): pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm…
CVE-2019-10943 — CVSS 7.5 (high): A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC…
CVE-2025-15364 — CVSS 7.3 (high): The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including…
CVE-2025-48500 — CVSS 7.3 (high): A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker…
CVE-2026-42428 — CVSS 7.1 (high): OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or…
CVE-2025-10010 — CVSS 6.8 (medium): The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to…
CVE-2025-48811 — CVSS 6.7 (medium): Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate…
CVE-2025-48803 — CVSS 6.7 (medium): Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate…
CVE-2021-28546 — CVSS 6.5 (medium): Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing…
CVE-2026-33261 — CVSS 5.9 (medium): A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
CVE-2026-21437 — CVSS 5.5 (medium): eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not…
CVE-2026-3856 — CVSS 5.3 (medium): IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism…
CVE-2025-32890 — CVSS 5.3 (medium): An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without…
CVE-2025-32882 — CVSS 5.3 (medium): An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption…
CVE-2023-29290 — CVSS 5.3 (medium): Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization…