CVEs classified under CWE-460, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2026-40583 — CVSS 8.2 (high): UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that…
CVE-2023-46393 — CVSS 7.5 (high): gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users'…
CVE-2026-20118 — CVSS 6.8 (medium): A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network…
CVE-2024-0316 — CVSS 6.8 (medium): Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could…
CVE-2025-32439 — CVSS 6.5 (medium): pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback…
CVE-2025-30157 — CVSS 6.5 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP…
CVE-2025-69652 — CVSS 6.2 (medium): GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with…
CVE-2017-15127 — CVSS 5.5 (medium): A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page…
CVE-2026-33481 — CVSS 5.3 (medium): Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions…
CVE-2024-20354 — CVSS 4.7 (medium): A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated…
CVE-2020-14304 — CVSS 4.4 (medium): A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw…
CVE-2026-48524 — CVSS 3.7 (low): PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS…
CVE-2025-59399 — CVSS 3.1 (low): libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
CVE-2022-3301 — CVSS 2.4 (low): Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8.