CVEs classified under CWE-394, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-12516 — CVSS 9.8 (critical): Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12515 — CVSS 9.8 (critical): Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2026-25085 — CVSS 8.6 (high): A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine…
CVE-2019-0066 — CVSS 7.5 (high): An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows…
CVE-2025-23013: In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module…
CVE-2025-48510 — CVSS 7.1 (high): Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or…
CVE-2025-22854: Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
CVE-2018-20802 — CVSS 6.5 (medium): A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes…