CVEs classified under CWE-684, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2024-50357 — CVSS 9.8 (critical): FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory…
CVE-2024-6425 — CVSS 9.1 (critical): Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can…
CVE-2023-24845 — CVSS 9.1 (critical): A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM…
CVE-2023-4258 — CVSS 8.6 (high): In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be…
CVE-2025-66384 — CVSS 8.2 (high): app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
CVE-2025-58325 — CVSS 8.2 (high): An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10…
CVE-2025-47227 — CVSS 7.5 (high): In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is…
CVE-2023-5363 — CVSS 7.5 (high): Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential…
CVE-2024-20317 — CVSS 7.4 (high): A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS)…
CVE-2026-42255 — CVSS 7.2 (high): Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
CVE-2023-5158 — CVSS 6.5 (medium): A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may…
CVE-2022-23728 — CVSS 6.1 (medium): Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.
CVE-2026-40684 — CVSS 5.9 (medium): In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is…
CVE-2024-6502 — CVSS 5.7 (medium): An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and…
CVE-2024-5005 — CVSS 4.3 (medium): An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from…
CVE-2025-54567 — CVSS 4.2 (medium): hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
CVE-2026-44597 — CVSS 3.7 (low): Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
CVE-2025-54568 — CVSS 3.7 (low): Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured…
CVE-2020-11054 — CVSS 3.5 (low): In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was…
CVE-2026-35381 — CVSS 3.3 (low): A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z…
CVE-2026-35379 — CVSS 3.3 (low): A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes…
CVE-2025-55174 — CVSS 3.2 (low): In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the…