CVEs classified under CWE-646, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-1889 — CVSS 9.8 (critical): picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a…
CVE-2025-58449: Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the `Dashboard` and…
CVE-2024-52052 — CVSS 7.2 (high): Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property…
CVE-2025-30662 — CVSS 6.6 (medium): Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in…
CVE-2026-20172 — CVSS 4.3 (medium): A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct…
CVE-2025-41720 — CVSS 4.3 (medium): A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only…