CVEs classified under CWE-403, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-40042 — CVSS 9.8 (critical): Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by…
CVE-2025-15114 — CVSS 9.8 (critical): Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the…
CVE-2024-58280 — CVSS 8.8 (high): CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload…
CVE-2024-21626 — CVSS 8.6 (high): runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an…
CVE-2025-3032 — CVSS 7.4 (high): Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability…