CVEs classified under CWE-841, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2026-3130 — CVSS 9.8 (critical): Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete…
CVE-2025-48481 — CVSS 9.8 (critical): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation…
CVE-2022-2105 — CVSS 9.4 (critical): Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root”…
CVE-2026-34582 — CVSS 9.1 (critical): Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed…
CVE-2025-48476 — CVSS 8.8 (high): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the…
CVE-2026-43974: Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client…
CVE-2025-48477 — CVSS 8.1 (high): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to…
CVE-2024-0410 — CVSS 7.7 (high): An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9…
CVE-2026-41259 — CVSS 7.5 (high): Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows…
CVE-2026-30574 — CVSS 7.5 (high): A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application…
CVE-2024-46307 — CVSS 7.5 (high): A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVE-2022-1667 — CVSS 7.5 (high): Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by…
CVE-2025-52469 — CVSS 7.1 (high): Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s…
CVE-2023-5921 — CVSS 7.1 (high): Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi…
CVE-2026-46540 — CVSS 6.5 (medium): Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0…
CVE-2025-58051 — CVSS 6.5 (medium): Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a…
CVE-2026-57536: Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status…
CVE-2026-13223: Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a…
CVE-2026-13222: Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a…
CVE-2025-55682 — CVSS 6.1 (medium): Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a…
CVE-2025-55337 — CVSS 6.1 (medium): Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a…
CVE-2025-55332 — CVSS 6.1 (medium): Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a…
CVE-2025-55330 — CVSS 6.1 (medium): Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a…
CVE-2024-12543: User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a…
CVE-2024-44128 — CVSS 5.5 (medium): This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS…
CVE-2022-46710 — CVSS 5.5 (medium): A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be…
CVE-2023-4181 — CVSS 5.4 (medium): A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices…
CVE-2023-1383 — CVSS 5.4 (medium): An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an…
CVE-2024-39325 — CVSS 5.3 (medium): aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and…
CVE-2024-6128 — CVSS 5.3 (medium): A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of…
CVE-2024-37296 — CVSS 5.3 (medium): The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions…
CVE-2025-48478 — CVSS 4.9 (medium): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation…
CVE-2025-36333 — CVSS 4.3 (medium): IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the…
CVE-2026-24774 — CVSS 4.3 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic…
CVE-2025-13129 — CVSS 4.3 (medium): Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry…
CVE-2025-48482 — CVSS 4.3 (medium): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The…
CVE-2025-48376 — CVSS 3.5 (low): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a…
CVE-2023-42939 — CVSS 3.3 (low): A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may…
CVE-2026-8477 — CVSS 2.7 (low): Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an…
CVE-2025-13459 — CVSS 2.7 (low): IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral…
CVE-2025-48480 — CVSS 2.7 (low): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or…
CVE-2025-48479 — CVSS 2.7 (low): FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not…