CVEs classified under CWE-471, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2022-25893 — CVSS 9.8 (critical): The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set…
CVE-2018-3722 — CVSS 8.8 (high): merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious…
CVE-2018-3720 — CVSS 8.8 (high): assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious…
CVE-2018-3728 — CVSS 8.8 (high): hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge'…
CVE-2024-55551 — CVSS 8.3 (high): An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL…
CVE-2024-9876 — CVSS 7.3 (high): : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4…
CVE-2023-2904 — CVSS 7.3 (high): The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the…
CVE-2026-44798 — CVSS 7.1 (high): Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a…
CVE-2025-33136 — CVSS 7.1 (high): IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on…
CVE-2024-34517 — CVSS 6.5 (medium): The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin…
CVE-2023-43697 — CVSS 6.5 (medium): Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load…
CVE-2021-37177 — CVSS 6.5 (medium): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients…
CVE-2022-2390 — CVSS 6.1 (medium): Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification…
CVE-2024-45672 — CVSS 6.0 (medium): IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted…
CVE-2020-26237 — CVSS 5.8 (medium): Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype…
CVE-2023-46232 — CVSS 5.3 (medium): era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to…
CVE-2021-42701 — CVSS 5.0 (medium): An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the…
CVE-2020-26268 — CVSS 4.4 (medium): In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file…
CVE-2021-37193 — CVSS 4.3 (medium): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same…
CVE-2024-51462 — CVSS 4.0 (medium): IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper…
CVE-2022-1561 — CVSS 4.0 (medium): Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing…
CVE-2022-3288 — CVSS 3.5 (low): A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows…
CVE-2026-8492 — CVSS 2.7 (low): Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing…