CVEs classified under CWE-642, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2018-15382 — CVSS 8.6 (high): A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The…
CVE-2025-49090 — CVSS 7.1 (high): The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
CVE-2024-22387 — CVSS 6.8 (medium): External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an…
CVE-2024-8754 — CVSS 6.4 (medium): An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to…
CVE-2017-0928 — CVSS 6.1 (medium): html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized'…
CVE-2022-32859 — CVSS 5.3 (medium): A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight…
CVE-2025-26787 — CVSS 4.7 (medium): An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to…
CVE-2025-54566 — CVSS 4.2 (medium): hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
CVE-2024-58265 — CVSS 3.1 (low): The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message…