CVEs classified under CWE-436, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2023-24813 — CVSS 10.0 (critical): Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can…
CVE-2026-8034 — CVSS 9.8 (critical): A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker…
CVE-2021-45327 — CVSS 9.8 (critical): Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API…
CVE-2020-10180 — CVSS 9.8 (critical): The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294…
CVE-2019-19589 — CVSS 9.8 (critical): The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives…
CVE-2026-14198 — CVSS 9.1 (critical): @fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths…
CVE-2026-41248 — CVSS 9.1 (critical): Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and…
CVE-2026-6270 — CVSS 9.1 (critical): @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify…
CVE-2026-33808 — CVSS 9.1 (critical): Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router…
CVE-2026-33807 — CVSS 9.1 (critical): @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when…
CVE-2024-38428 — CVSS 9.1 (critical): url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in…
CVE-2019-18792 — CVSS 9.1 (critical): An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake…
CVE-2023-39481 — CVSS 8.8 (high): Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers…
CVE-2018-19966 — CVSS 8.8 (high): An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain…
CVE-2018-6560 — CVSS 8.8 (high): In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used…
CVE-2025-12816 — CVSS 8.6 (high): An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft…
CVE-2021-1587 — CVSS 8.6 (high): A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow…
CVE-2023-36456 — CVSS 8.3 (high): authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the…
CVE-2020-9363 — CVSS 7.8 (high): The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection…
CVE-2020-9362 — CVSS 7.8 (high): The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total…
CVE-2021-34699 — CVSS 7.7 (high): A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an…
CVE-2020-3200 — CVSS 7.7 (high): A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote…
CVE-2026-13676 — CVSS 7.5 (high): fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path…
CVE-2026-42551 — CVSS 7.5 (high): Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override…
CVE-2026-6322 — CVSS 7.5 (high): fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters…
CVE-2026-27444 — CVSS 7.5 (high): SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation…
CVE-2026-0958 — CVSS 7.5 (high): GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4…
CVE-2026-25223 — CVSS 7.5 (high): Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify…
CVE-2024-55629 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP…
CVE-2023-52892 — CVSS 7.5 (high): In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS…
CVE-2024-34478 — CVSS 7.5 (high): btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus…
CVE-2023-40718 — CVSS 7.5 (high): A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP…
CVE-2022-48473 — CVSS 7.5 (high): There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer…
CVE-2022-48471 — CVSS 7.5 (high): There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer…
CVE-2022-48261 — CVSS 7.5 (high): There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause…
CVE-2022-48230 — CVSS 7.5 (high): There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS.
CVE-2022-48279 — CVSS 7.5 (high): In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application…
CVE-2023-22602 — CVSS 7.5 (high): When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass…
CVE-2022-23773 — CVSS 7.5 (high): cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to…
CVE-2021-0207 — CVSS 7.5 (high): An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does…
CVE-2020-10193 — CVSS 7.5 (high): ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects…
CVE-2019-17596 — CVSS 7.5 (high): Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There…
CVE-2019-0052 — CVSS 7.5 (high): The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is…
CVE-2026-33804 — CVSS 7.4 (high): @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is…
CVE-2024-28054 — CVSS 7.4 (high): Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some…
CVE-2022-20915 — CVSS 7.4 (high): A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an…
CVE-2023-32708 — CVSS 7.2 (high): In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user…
CVE-2024-23644 — CVSS 6.8 (medium): Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and…
CVE-2026-47076 — CVSS 6.5 (medium): Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host…