CVEs classified under CWE-838, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2025-4052 — CVSS 9.8 (critical): Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage…
CVE-2019-18981 — CVSS 9.8 (critical): Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVE-2018-9862 — CVSS 7.8 (high): util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of…
CVE-2024-11702 — CVSS 7.5 (high): Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the…
CVE-2019-6110 — CVSS 6.8 (medium): In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker)…
CVE-2023-6512 — CVSS 6.5 (medium): Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the…
CVE-2023-5770 — CVSS 5.3 (medium): Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject…
CVE-2024-34006 — CVSS 4.3 (medium): The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead…
CVE-2023-3735 — CVSS 4.3 (medium): Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate…
CVE-2020-7292 — CVSS 4.3 (medium): Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to…