CVEs classified under CWE-641, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2026-25177 — CVSS 8.8 (high): Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate…
CVE-2026-50023 — CVSS 8.3 (high): yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to…
CVE-2025-47173 — CVSS 7.8 (high): Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2023-0046 — CVSS 7.2 (high): Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.
CVE-2024-47260 — CVSS 6.5 (medium): 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation…
CVE-2019-25623 — CVSS 6.2 (medium): Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing…