CVEs classified under CWE-782, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2024-39251 — CVSS 10.0 (critical): An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access…
CVE-2024-4196 — CVSS 10.0 (critical): An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a…
CVE-2024-32370 — CVSS 9.8 (critical): An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a…
CVE-2024-30804 — CVSS 9.8 (critical): An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via…
CVE-2024-33220 — CVSS 8.8 (high): An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and…
CVE-2021-21789 — CVSS 8.8 (high): A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write…
CVE-2021-21788 — CVSS 8.8 (high): A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write…
CVE-2021-21787 — CVSS 8.8 (high): A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write…
CVE-2025-7771: ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the…
CVE-2026-8797: An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product…
CVE-2024-33222 — CVSS 8.4 (high): An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and…
CVE-2026-57851 — CVSS 7.8 (high): MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally…
CVE-2026-8501 — CVSS 7.8 (high): Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the…
CVE-2025-47761 — CVSS 7.8 (high): An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3…
CVE-2024-33221 — CVSS 7.8 (high): An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges…
CVE-2024-33219 — CVSS 7.8 (high): An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges…
CVE-2024-33218 — CVSS 7.8 (high): An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate…
CVE-2021-25695 — CVSS 7.8 (high): The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an…
CVE-2025-26125 — CVSS 7.3 (high): An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate…
CVE-2026-4483: An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial…
CVE-2025-8061 — CVSS 7.0 (high): A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some…
CVE-2025-15641: Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative…
CVE-2024-0141 — CVSS 6.8 (medium): NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to…
CVE-2026-56129 — CVSS 5.5 (medium): Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access…
CVE-2021-21792 — CVSS 5.5 (medium): An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O…
CVE-2021-21791 — CVSS 5.5 (medium): An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O…
CVE-2021-21790 — CVSS 5.5 (medium): An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O…
CVE-2021-21785 — CVSS 5.5 (medium): An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A…
CVE-2025-27535 — CVSS 5.3 (medium): Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84…
CVE-2023-44976 — CVSS 3.2 (low): Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via…
CVE-2026-6737: An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms…