CVEs classified under CWE-392, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-32743 — CVSS 9.0 (critical): In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in…
CVE-2017-2342 — CVSS 8.1 (high): MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can…
CVE-2026-42246 — CVSS 7.4 (high): Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and…
CVE-2025-23270 — CVSS 7.1 (high): NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive…
CVE-2024-12797 — CVSS 6.3 (medium): Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not…
CVE-2026-20005 — CVSS 5.8 (medium): Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote…
CVE-2025-26268 — CVSS 3.3 (low): DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The…
CVE-2025-59398 — CVSS 3.1 (low): The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters…
CVE-2023-48430 — CVSS 2.7 (low): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the…