CVEs classified under CWE-923, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (48)
CVE-2019-17440 — CVSS 10.0 (critical): Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card…
CVE-2024-41889 — CVSS 9.8 (critical): Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be…
CVE-2026-34205 — CVSS 9.6 (critical): Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons)…
CVE-2023-28078 — CVSS 9.1 (critical): Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote…
CVE-2025-61939 — CVSS 8.8 (high): An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An…
CVE-2025-20261 — CVSS 8.8 (high): A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS…
CVE-2024-26131 — CVSS 8.4 (high): Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a…
CVE-2025-29986 — CVSS 8.3 (high): Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints…
CVE-2024-47490 — CVSS 8.2 (high): An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper…
CVE-2026-23664 — CVSS 7.5 (high): Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose…
CVE-2024-26013 — CVSS 7.5 (high): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2024-24974 — CVSS 7.5 (high): The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote…
CVE-2024-34446 — CVSS 7.5 (high): Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus…
CVE-2023-28971 — CVSS 7.2 (high): An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon…
CVE-2025-35978 — CVSS 7.1 (high): Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService…
CVE-2023-25518 — CVSS 7.1 (high): NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with…
CVE-2025-49734 — CVSS 7.0 (high): Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate…
CVE-2024-6222 — CVSS 7.0 (high): In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further…
CVE-2025-62843 — CVSS 6.8 (medium): An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker…
CVE-2025-48807 — CVSS 6.7 (medium): Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code…
CVE-2024-39537 — CVSS 6.5 (medium): An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000…
CVE-2025-12357 — CVSS 6.3 (medium): By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a…
CVE-2024-36252 — CVSS 6.3 (medium): Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If…
CVE-2025-33176 — CVSS 6.2 (medium): NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an…
CVE-2022-2837 — CVSS 6.1 (medium): A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod…
CVE-2026-22715 — CVSS 5.9 (medium): VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with…
CVE-2025-31144 — CVSS 5.8 (medium): Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited…
CVE-2026-12039: Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS…
CVE-2025-36145 — CVSS 5.4 (medium): IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker…
CVE-2023-44195 — CVSS 5.4 (medium): An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper…
CVE-2025-36180 — CVSS 5.3 (medium): IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to…
CVE-2022-2663 — CVSS 5.3 (medium): An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message…
CVE-2025-36438 — CVSS 5.1 (medium): IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel…
CVE-2026-55655 — CVSS 5.0 (medium): A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This…
CVE-2026-22726 — CVSS 5.0 (medium): Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a…
CVE-2023-29108 — CVSS 5.0 (medium): The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by…
CVE-2022-2835 — CVSS 4.4 (medium): A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by…
CVE-2025-32886 — CVSS 4.0 (medium): An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB…
CVE-2024-22315 — CVSS 4.0 (medium): IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to…
CVE-2021-32004 — CVSS 3.7 (low): This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager…
CVE-2022-30729 — CVSS 3.3 (low): Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a…
CVE-2025-22251 — CVSS 3.1 (low): An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2…
CVE-2022-38125 — CVSS 2.9 (low): Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows…
CVE-2025-27769 — CVSS 2.6 (low): A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging…
CVE-2024-39271 — CVSS 2.6 (low): Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software…