CVEs classified under CWE-358, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2018-0268 — CVSS 10.0 (critical): A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated…
CVE-2022-25152 — CVSS 9.9 (critical): The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to…
CVE-2025-66603 — CVSS 9.8 (critical): A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An…
CVE-2025-62583 — CVSS 9.8 (critical): Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
CVE-2023-3266 — CVSS 9.8 (critical): A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication…
CVE-2019-6742 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2…
CVE-2016-10229 — CVSS 9.8 (critical): udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second…
CVE-2026-48797: Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex…
CVE-2025-69234 — CVSS 9.1 (critical): Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
CVE-2023-39403 — CVSS 9.1 (critical): Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be…
CVE-2026-1486 — CVSS 8.8 (high): A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity…
CVE-2025-66600: A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport…
CVE-2025-3069 — CVSS 8.8 (high): Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege…
CVE-2024-6101 — CVSS 8.8 (high): Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory…
CVE-2019-3894 — CVSS 8.8 (high): It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run…
CVE-2026-12577: DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.
CVE-2016-10825 — CVSS 8.1 (high): cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
CVE-2019-3806 — CVSS 8.1 (high): An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received…
CVE-2024-27842 — CVSS 7.8 (high): The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with…
CVE-2024-25545 — CVSS 7.8 (high): An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework…
CVE-2026-2645 — CVSS 7.5 (high): In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept…
CVE-2025-62585 — CVSS 7.5 (high): Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
CVE-2025-59147 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2023-40445 — CVSS 7.5 (high): The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.
CVE-2022-38732 — CVSS 7.5 (high): SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that…
CVE-2018-16860 — CVSS 7.5 (high): A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up…
CVE-2018-1243 — CVSS 7.5 (high): Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a…
CVE-2017-15107 — CVSS 7.5 (high): A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be…
CVE-2017-15665 — CVSS 7.5 (high): In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted…
CVE-2017-15664 — CVSS 7.5 (high): In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a…
CVE-2017-15663 — CVSS 7.5 (high): In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a…
CVE-2017-15662 — CVSS 7.5 (high): In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a…
CVE-2017-7177 — CVSS 7.5 (high): Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
CVE-2016-3017 — CVSS 7.5 (high): IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
CVE-2019-14823 — CVSS 7.4 (high): A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it…
CVE-2018-16857 — CVSS 7.4 (high): Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of…
CVE-2025-58308 — CVSS 7.3 (high): Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause…
CVE-2025-32086 — CVSS 7.2 (high): Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R)…
CVE-2024-2617 — CVSS 7.2 (high): A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature…
CVE-2026-44473 — CVSS 7.1 (high): Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged…
CVE-2017-15091 — CVSS 7.1 (high): An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11…
CVE-2026-11127 — CVSS 6.5 (medium): Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain…
CVE-2024-5500 — CVSS 6.5 (medium): Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions…
CVE-2018-20934 — CVSS 6.5 (medium): cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
CVE-2024-23592 — CVSS 6.3 (medium): An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with…
CVE-2026-11122 — CVSS 6.1 (medium): Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or…
CVE-2026-44475 — CVSS 6.1 (medium): Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in…
CVE-2026-42081 — CVSS 6.1 (medium): free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security…
CVE-2025-66601 — CVSS 6.1 (medium): A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an…