CVEs classified under CWE-402, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2025-0502 — CVSS 9.1 (critical): Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64…
CVE-2025-48383 — CVSS 8.2 (high): Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the…
CVE-2024-29900 — CVSS 7.5 (high): Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready…
CVE-2022-3596 — CVSS 7.5 (high): An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after…
CVE-2025-67745 — CVSS 7.1 (high): MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some…
CVE-2024-47146 — CVSS 6.5 (medium): Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically…
CVE-2025-49618 — CVSS 5.8 (medium): In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.
CVE-2024-32388 — CVSS 5.3 (medium): Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This…
CVE-2025-29925 — CVSS 5.3 (medium): XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST…
CVE-2025-52925 — CVSS 5.0 (medium): In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.
CVE-2025-55014 — CVSS 4.7 (medium): The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the…
CVE-2025-66422 — CVSS 4.3 (medium): Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11…
CVE-2023-38509 — CVSS 4.3 (medium): XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and…
CVE-2025-32360 — CVSS 4.2 (medium): In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However…