CVEs classified under CWE-501, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2026-25725 — CVSS 10.0 (critical): Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the…
CVE-2025-48938 — CVSS 9.8 (critical): go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in…
CVE-2023-28597 — CVSS 8.3 (high): Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB…
CVE-2024-23682 — CVSS 8.2 (high): Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that…
CVE-2026-33828 — CVSS 7.8 (high): Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVE-2025-49714 — CVSS 7.8 (high): Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
CVE-2020-4076 — CVSS 7.8 (high): In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in…
CVE-2020-4077 — CVSS 7.7 (high): In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in…
CVE-2025-14542 — CVSS 7.5 (high): The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a…
CVE-2020-15096 — CVSS 6.8 (medium): In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the…
CVE-2023-0627 — CVSS 6.7 (medium): Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation…
CVE-2024-1725 — CVSS 6.5 (medium): A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an…
CVE-2022-20826 — CVSS 6.4 (medium): A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance…
CVE-2024-20265 — CVSS 5.9 (medium): A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the…
CVE-2022-1799 — CVSS 5.7 (medium): Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted…
CVE-2026-24153 — CVSS 5.2 (medium): NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this…
CVE-2025-1118 — CVSS 4.4 (medium): A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory…