CVEs classified under CWE-390, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2026-52989 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers…
CVE-2026-53434 — CVSS 9.1 (critical): Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue…
CVE-2025-46367 — CVSS 7.8 (high): Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability…
CVE-2024-27919 — CVSS 7.5 (high): Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to…
CVE-2025-26465 — CVSS 6.8 (medium): A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a…
CVE-2025-25204 — CVSS 6.3 (medium): `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in…
CVE-2024-12086 — CVSS 6.1 (medium): A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue…
CVE-2024-11942 — CVSS 5.9 (medium): A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.
CVE-2024-20316 — CVSS 5.8 (medium): A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to…
CVE-2024-30255 — CVSS 5.3 (medium): Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4…
CVE-2026-48792 — CVSS 4.4 (medium): pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES…
CVE-2025-0029: Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA…