CVEs classified under CWE-457, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-6748 — CVSS 9.8 (critical): Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird…
CVE-2025-54874 — CVSS 9.8 (critical): OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory…
CVE-2025-53644 — CVSS 9.8 (critical): OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead…
CVE-2026-14405 — CVSS 9.6 (critical): Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-13825 — CVSS 8.8 (high): Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2025-5749 — CVSS 8.8 (high): WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows…
CVE-2025-20271 — CVSS 8.6 (high): A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an…
CVE-2020-27124 — CVSS 8.6 (high): A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote…
CVE-2026-14413 — CVSS 8.3 (high): Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-10960 — CVSS 8.3 (high): Uninitialized Use in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-9972 — CVSS 8.3 (high): Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer…
CVE-2026-6311 — CVSS 8.3 (high): Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the…
CVE-2026-1333 — CVSS 7.8 (high): A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS…
CVE-2025-20766 — CVSS 7.8 (high): In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a…
CVE-2025-9450 — CVSS 7.8 (high): A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop…
CVE-2025-5047 — CVSS 7.8 (high): A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor…
CVE-2025-6974 — CVSS 7.8 (high): Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop…
CVE-2025-2014 — CVSS 7.8 (high): Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote…
CVE-2023-38088 — CVSS 7.8 (high): Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2023-34310 — CVSS 7.8 (high): Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2022-28320 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User…
CVE-2022-28319 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT…
CVE-2022-28317 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34…
CVE-2021-46631 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction…
CVE-2021-46617 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80…
CVE-2021-46570 — CVSS 7.8 (high): This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User…
CVE-2021-46566 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80…
CVE-2021-31435 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User…
CVE-2025-20212 — CVSS 7.7 (high): A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated…
CVE-2026-9963 — CVSS 7.5 (high): Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in…
CVE-2025-64181 — CVSS 7.5 (high): OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
CVE-2025-58071 — CVSS 7.5 (high): When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note…
CVE-2025-59348 — CVSS 7.5 (high): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method…
CVE-2025-0081 — CVSS 7.5 (high): In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This…
CVE-2025-2520 — CVSS 7.5 (high): The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could…
CVE-2026-10976 — CVSS 7.4 (high): Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information…
CVE-2026-10973 — CVSS 7.4 (high): Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML…
CVE-2026-20051 — CVSS 7.4 (high): A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R…
CVE-2026-6751 — CVSS 7.3 (high): Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird…
CVE-2025-10021: A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static…
CVE-2025-20784 — CVSS 6.7 (medium): In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a…
CVE-2025-20771 — CVSS 6.7 (medium): In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege…