CVEs classified under CWE-441, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-39906 — CVSS 10.0 (critical): Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote…
CVE-2025-62718 — CVSS 9.9 (critical): Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname…
CVE-2025-64123 — CVSS 9.8 (critical): Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue…
CVE-2021-20042 — CVSS 9.8 (critical): An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This…
CVE-2025-64125: A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was…
CVE-2026-24471: continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the…
CVE-2015-2947 — CVSS 9.1 (critical): KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.
CVE-2026-36608 — CVSS 8.8 (high): Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own…
CVE-2026-44494 — CVSS 8.7 (high): Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a…
CVE-2025-11393 — CVSS 8.7 (high): A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the…
CVE-2024-30128 — CVSS 8.6 (high): HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source…
CVE-2026-0107 — CVSS 8.4 (high): In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to…
CVE-2026-0021 — CVSS 8.4 (high): In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy…
CVE-2026-0013 — CVSS 8.4 (high): In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This…
CVE-2026-0008 — CVSS 8.4 (high): In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-48579 — CVSS 8.4 (high): In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This…
CVE-2026-42313 — CVSS 8.3 (high): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method…
CVE-2025-47269 — CVSS 8.3 (high): code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy…
CVE-2026-24470 — CVSS 8.1 (high): Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress…
CVE-2026-0098 — CVSS 7.8 (high): In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could…
CVE-2025-48570 — CVSS 7.8 (high): In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy…
CVE-2025-48646 — CVSS 7.8 (high): In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local…
CVE-2025-48628 — CVSS 7.8 (high): In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could…
CVE-2025-48586 — CVSS 7.8 (high): In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy…
CVE-2025-48555 — CVSS 7.8 (high): In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This…
CVE-2025-48536 — CVSS 7.8 (high): In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure…
CVE-2025-22420 — CVSS 7.8 (high): In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local…
CVE-2025-32320 — CVSS 7.8 (high): In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of…
CVE-2025-32346 — CVSS 7.8 (high): In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This…
CVE-2025-32326 — CVSS 7.8 (high): In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy…
CVE-2025-32324 — CVSS 7.8 (high): In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead…
CVE-2025-32321 — CVSS 7.8 (high): In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This…
CVE-2025-26454 — CVSS 7.8 (high): In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a…
CVE-2025-26452 — CVSS 7.8 (high): In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy…
CVE-2025-22418 — CVSS 7.8 (high): In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no…
CVE-2025-22416 — CVSS 7.8 (high): In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to…
CVE-2023-40111 — CVSS 7.8 (high): In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a…
CVE-2026-49821 — CVSS 7.7 (high): Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on…
CVE-2019-3924 — CVSS 7.5 (high): MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute…
CVE-2025-48532 — CVSS 7.3 (high): In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused…
CVE-2025-22441 — CVSS 7.3 (high): In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a…
CVE-2023-31313 — CVSS 7.2 (high): An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed…
CVE-2020-26262 — CVSS 7.2 (high): Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect…
CVE-2025-48545 — CVSS 7.1 (high): In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This…
CVE-2026-53931: NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be…
CVE-2018-12182 — CVSS 6.7 (medium): Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege…
CVE-2026-33768 — CVSS 6.5 (medium): Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path…
CVE-2026-27124 — CVSS 6.1 (medium): FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth…
CVE-2018-16598 — CVSS 5.9 (medium): An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN…
CVE-2026-3160 — CVSS 5.8 (medium): GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…