CVEs classified under CWE-758, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2026-4705 — CVSS 9.8 (critical): Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4724 — CVSS 9.1 (critical): Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4718 — CVSS 8.1 (high): Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2025-54811 — CVSS 7.1 (high): OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the…
CVE-2024-4774 — CVSS 6.5 (medium): The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data…
CVE-2026-34549 — CVSS 6.2 (medium): iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an…
CVE-2026-34547 — CVSS 6.2 (medium): iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined…
CVE-2026-34537 — CVSS 6.2 (medium): iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC…
CVE-2026-34533 — CVSS 6.2 (medium): iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC…
CVE-2025-55160 — CVSS 6.1 (medium): ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1…
CVE-2023-30624 — CVSS 3.9 (low): Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing…
CVE-2026-40279 — CVSS 3.7 (low): BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in…
CVE-2024-58350 — CVSS 2.9 (low): Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the…