CVEs classified under CWE-454, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-26148 — CVSS 8.1 (high): External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
CVE-2025-36244 — CVSS 7.4 (high): IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files…
CVE-2026-48980 — CVSS 6.3 (medium): pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables…