CVEs classified under CWE-449, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-43585 — CVSS 7.1 (high): Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a…
CVE-2023-36535 — CVSS 7.1 (high): Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information…
CVE-2025-26643 — CVSS 5.4 (medium): The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-56139 — CVSS 5.3 (medium): LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user…
CVE-2024-24698 — CVSS 4.9 (medium): Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
CVE-2025-13637 — CVSS 4.3 (medium): Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage…
CVE-2025-49736 — CVSS 4.3 (medium): The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2023-43588 — CVSS 3.5 (low): Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network…