CVEs classified under CWE-703, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-13026 — CVSS 9.8 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and…
CVE-2025-13023 — CVSS 9.8 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and…
CVE-2025-13022 — CVSS 9.8 (critical): Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13021 — CVSS 9.8 (critical): Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2024-39815 — CVSS 9.1 (critical): Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge…
CVE-2024-21525 — CVSS 8.3 (high): All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the…
CVE-2024-10781 — CVSS 8.1 (high): The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due…
CVE-2024-4611 — CVSS 8.1 (high): The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the…
CVE-2024-27832 — CVSS 7.8 (high): The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2…
CVE-2026-44893 — CVSS 7.5 (high): Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions…
CVE-2026-34388 — CVSS 7.5 (high): Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint…
CVE-2025-70758 — CVSS 7.5 (high): chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The…
CVE-2025-14874 — CVSS 7.5 (high): A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers…
CVE-2025-13016 — CVSS 7.5 (high): Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5…
CVE-2025-61602 — CVSS 7.5 (high): BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any…
CVE-2025-61601 — CVSS 7.5 (high): BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any…
CVE-2025-59531 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19…
CVE-2024-47215 — CVSS 7.5 (high): An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS…
CVE-2024-50954 — CVSS 7.5 (high): The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a…
CVE-2024-55548 — CVSS 7.5 (high): Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
CVE-2024-6468 — CVSS 7.5 (high): Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option…
CVE-2024-29205 — CVSS 7.5 (high): An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti…
CVE-2023-51443 — CVSS 7.5 (high): FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software…
CVE-2023-32230 — CVSS 7.5 (high): An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to…
CVE-2023-36831 — CVSS 7.5 (high): An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of…
CVE-2023-22413 — CVSS 7.5 (high): An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a…
CVE-2022-41777 — CVSS 7.5 (high): Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and…
CVE-2022-41589 — CVSS 7.5 (high): The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability…
CVE-2026-12324 — CVSS 7.3 (high): Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12…
CVE-2025-24371: CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send…
CVE-2023-5563 — CVSS 7.1 (high): The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECO…
CVE-2024-38482 — CVSS 6.6 (medium): CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A…
CVE-2019-10928 — CVSS 6.6 (medium): A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical…
CVE-2025-59787 — CVSS 6.5 (medium): 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or…
CVE-2025-68135 — CVSS 6.5 (medium): EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the…
CVE-2025-12890 — CVSS 6.5 (medium): Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF…
CVE-2025-24188 — CVSS 6.5 (medium): A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted…
CVE-2025-3084 — CVSS 6.5 (medium): When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes…
CVE-2024-38435 — CVSS 6.5 (medium): Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVE-2024-39514 — CVSS 6.5 (medium): An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and…
CVE-2024-21593 — CVSS 6.5 (medium): An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS…
CVE-2023-44203 — CVSS 6.5 (medium): An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on…
CVE-2023-36849 — CVSS 6.5 (medium): An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks…
CVE-2023-28959 — CVSS 6.5 (medium): An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows…
CVE-2023-0004 — CVSS 6.5 (medium): A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the…
CVE-2022-22224 — CVSS 6.5 (medium): An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos…
CVE-2021-25419 — CVSS 6.5 (medium): Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in…
CVE-2019-10927 — CVSS 6.5 (medium): A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1)…