CVEs classified under CWE-789, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2021-34869 — CVSS 8.8 (high): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker…
CVE-2021-34868 — CVSS 8.8 (high): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker…
CVE-2024-20260 — CVSS 8.6 (high): A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall…
CVE-2021-34867 — CVSS 8.2 (high): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker…
CVE-2026-20048 — CVSS 7.7 (high): A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could…
CVE-2026-55380 — CVSS 7.5 (high): Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header…
CVE-2026-55379 — CVSS 7.5 (high): Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file…
CVE-2026-54060 — CVSS 7.5 (high): Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap…
CVE-2026-54059 — CVSS 7.5 (high): Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section…
CVE-2026-53917 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ…
CVE-2026-53916 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An…
CVE-2026-50734 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An…
CVE-2026-10142 — CVSS 7.5 (high): kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or…
CVE-2026-49975 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP…
CVE-2026-9538 — CVSS 7.5 (high): Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar()…
CVE-2018-25368 — CVSS 7.5 (high): Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an…
CVE-2021-47973 — CVSS 7.5 (high): Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively…
CVE-2021-47972 — CVSS 7.5 (high): Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating…
CVE-2021-47971 — CVSS 7.5 (high): My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long…
CVE-2021-47970 — CVSS 7.5 (high): Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with…
CVE-2021-47969 — CVSS 7.5 (high): Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long…
CVE-2026-44375 — CVSS 7.5 (high): Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an…
CVE-2021-47944 — CVSS 7.5 (high): memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long…
CVE-2026-42440 — CVSS 7.5 (high): OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 1.9.5 before 2.5.9…
CVE-2026-33524 — CVSS 7.5 (high): Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted…
CVE-2026-35186 — CVSS 7.5 (high): Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug…
CVE-2026-24146 — CVSS 7.5 (high): NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a…
CVE-2026-39312 — CVSS 7.5 (high): SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service…
CVE-2026-24158 — CVSS 7.5 (high): NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a…
CVE-2026-33174 — CVSS 7.5 (high): Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when…
CVE-2026-28253 — CVSS 7.5 (high): A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an…
CVE-2026-22026 — CVSS 7.5 (high): CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure…
CVE-2025-61910 — CVSS 7.5 (high): The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a…
CVE-2025-23331 — CVSS 7.5 (high): NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive…
CVE-2025-54801 — CVSS 7.5 (high): Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form…
CVE-2025-27533 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of…
CVE-2025-30211 — CVSS 7.5 (high): Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously…
CVE-2025-20165 — CVSS 7.5 (high): A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing…
CVE-2023-3223 — CVSS 7.5 (high): A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This…
CVE-2023-30837 — CVSS 7.5 (high): Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions…
CVE-2022-31804 — CVSS 7.5 (high): The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may…
CVE-2017-7652 — CVSS 7.5 (high): In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers…
CVE-2025-20140 — CVSS 7.4 (high): A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an…
CVE-2025-26618: Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high…
CVE-2026-53428: Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service…
CVE-2026-42946 — CVSS 6.5 (medium): A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an…
CVE-2026-41314 — CVSS 6.5 (medium): pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft…
CVE-2026-41312 — CVSS 6.5 (medium): pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft…
CVE-2026-35549 — CVSS 6.5 (medium): An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the…