CVEs classified under CWE-354, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-11543 — CVSS 9.8 (critical): Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run…
CVE-2023-33668 — CVSS 9.8 (critical): DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared…
CVE-2017-15994 — CVSS 9.8 (critical): rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended…
CVE-2026-49230 — CVSS 9.1 (critical): Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is…
CVE-2026-34182 — CVSS 9.1 (critical): Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length…
CVE-2025-54887 — CVSS 9.1 (critical): jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of…
CVE-2022-29898 — CVSS 9.1 (critical): On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute…
CVE-2024-3596 — CVSS 9.0 (critical): RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept…
CVE-2020-14120 — CVSS 8.8 (high): Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a…
CVE-2020-25758 — CVSS 8.8 (high): An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote…
CVE-2020-7810 — CVSS 8.8 (high): hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting…
CVE-2017-4961 — CVSS 8.8 (high): An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an…
CVE-2025-11694: A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in…
CVE-2026-26928: SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR…
CVE-2024-48930: secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version…
CVE-2022-25946 — CVSS 8.7 (high): On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided…
CVE-2023-28386 — CVSS 8.6 (high): Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the…
CVE-2018-21070 — CVSS 8.4 (high): An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass…
CVE-2024-3727 — CVSS 8.3 (high): A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry…
CVE-2026-32600 — CVSS 8.2 (high): xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with…
CVE-2026-32313 — CVSS 8.2 (high): xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either…
CVE-2026-31839 — CVSS 8.2 (high): Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital…
CVE-2020-26896 — CVSS 8.2 (high): Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC…
CVE-2026-5479 — CVSS 8.1 (high): In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization…
CVE-2025-7096 — CVSS 8.1 (high): A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code…
CVE-2022-36174 — CVSS 8.1 (high): FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken…
CVE-2019-13496 — CVSS 8.1 (high): One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity…
CVE-2017-3760 — CVSS 8.1 (high): The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded…
CVE-2024-52550 — CVSS 8.0 (high): Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main…
CVE-2022-29173 — CVSS 8.0 (high): go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the…
CVE-2022-35961 — CVSS 7.9 (high): OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are…
CVE-2024-46992 — CVSS 7.8 (high): Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions…
CVE-2024-51141 — CVSS 7.8 (high): An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe…
CVE-2020-4610 — CVSS 7.8 (high): IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper…
CVE-2019-0071 — CVSS 7.8 (high): Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a…
CVE-2019-11753 — CVSS 7.8 (high): The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by…
CVE-2019-12097 — CVSS 7.8 (high): Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or…
CVE-2018-6336 — CVSS 7.8 (high): An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing…
CVE-2026-32105 — CVSS 7.7 (high): xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code…
CVE-2024-32883 — CVSS 7.7 (high): MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data…
CVE-2024-34714 — CVSS 7.6 (high): The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development…
CVE-2026-8720 — CVSS 7.5 (high): wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is…
CVE-2026-28498 — CVSS 7.5 (high): Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was…
CVE-2026-26275 — CVSS 7.5 (high): httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where…
CVE-2023-38802 — CVSS 7.5 (high): FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with…
CVE-2023-30356 — CVSS 7.5 (high): Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device…
CVE-2022-45142 — CVSS 7.5 (high): The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to…
CVE-2022-38955 — CVSS 7.5 (high): An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a…
CVE-2021-37182 — CVSS 7.5 (high): A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE…