CVEs classified under CWE-472, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-43933 — CVSS 9.8 (critical): fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends…
CVE-2025-43930 — CVSS 9.8 (critical): Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the…
CVE-2021-1295 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2021-1294 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2021-1293 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2021-1292 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2021-1291 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2021-1290 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2021-1289 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers…
CVE-2026-14387 — CVSS 9.6 (critical): Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-13796 — CVSS 9.6 (critical): Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process…
CVE-2026-11088 — CVSS 9.6 (critical): Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to…
CVE-2025-66385: UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a…
CVE-2026-34751 — CVSS 9.1 (critical): Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a…
CVE-2026-13938 — CVSS 8.8 (high): Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a…
CVE-2026-11211 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-11171 — CVSS 8.8 (high): Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via…
CVE-2026-11085 — CVSS 8.8 (high): Integer overflow in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds…
CVE-2026-10987 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-10986 — CVSS 8.8 (high): Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via…
CVE-2026-10965 — CVSS 8.8 (high): Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox…
CVE-2026-10964 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-10963 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-9968 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-10019 — CVSS 8.8 (high): Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML…
CVE-2026-10015 — CVSS 8.8 (high): Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-8577 — CVSS 8.8 (high): Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via…
CVE-2026-8532 — CVSS 8.8 (high): Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
CVE-2026-8519 — CVSS 8.8 (high): Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory…
CVE-2026-7973 — CVSS 8.8 (high): Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox…
CVE-2026-7903 — CVSS 8.8 (high): Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap…
CVE-2026-7896 — CVSS 8.8 (high): Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2026-5912 — CVSS 8.8 (high): Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a…
CVE-2026-5910 — CVSS 8.8 (high): Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2026-5909 — CVSS 8.8 (high): Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2026-5908 — CVSS 8.8 (high): Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2026-5859 — CVSS 8.8 (high): Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2026-5274 — CVSS 8.8 (high): Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted…
CVE-2026-3536 — CVSS 8.8 (high): Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2026-2649 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2025-10891 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2025-7656 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2025-6191 — CVSS 8.8 (high): Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2025-47817 — CVSS 8.8 (high): In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.
CVE-2025-0436 — CVSS 8.8 (high): Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2025-14750: The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A…
CVE-2025-30236 — CVSS 8.6 (high): Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check)…
CVE-2026-14389 — CVSS 8.3 (high): Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-13841 — CVSS 8.3 (high): Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-13801 — CVSS 8.3 (high): Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process…