CVEs classified under CWE-791, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2025-0324 — CVSS 9.4 (critical): The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
CVE-2024-47590 — CVSS 8.8 (high): An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this…
CVE-2026-44232: DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.0.3, every IPv6 category…
CVE-2022-2132 — CVSS 8.6 (high): A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by…
CVE-2024-45481: An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated…
CVE-2026-11998 — CVSS 7.6 (high): A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to…
CVE-2025-6761 — CVSS 7.3 (high): A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this…
CVE-2025-59303 — CVSS 6.4 (medium): HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with…
CVE-2026-9498 — CVSS 6.3 (medium): A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component…
CVE-2026-8740 — CVSS 6.3 (medium): A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java…
CVE-2026-5559 — CVSS 6.3 (medium): A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the…
CVE-2026-3725 — CVSS 6.3 (medium): A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the…
CVE-2025-14731 — CVSS 6.3 (medium): A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library…
CVE-2025-6518 — CVSS 6.3 (medium): A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode…
CVE-2025-5325 — CVSS 6.3 (medium): A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台…
CVE-2025-2040 — CVSS 6.3 (medium): A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown…
CVE-2024-39283 — CVSS 6.0 (medium): Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user…
CVE-2023-31172 — CVSS 5.9 (medium): An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software…
CVE-2020-36827 — CVSS 5.4 (medium): The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.
CVE-2025-2336 — CVSS 4.8 (medium): Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module…
CVE-2025-0716 — CVSS 4.8 (medium): Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to…
CVE-2024-8373 — CVSS 4.8 (medium): Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image…
CVE-2026-6984 — CVSS 4.7 (medium): A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file…
CVE-2026-5987 — CVSS 4.7 (medium): A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender…
CVE-2026-3714 — CVSS 4.7 (medium): A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template…
CVE-2026-2969 — CVSS 4.7 (medium): A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapi…
CVE-2025-9094 — CVSS 4.3 (medium): A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The…