CVEs classified under CWE-924, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2025-29628 — CVSS 9.4 (critical): A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home…
CVE-2024-44730 — CVSS 9.1 (critical): Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat…
CVE-2020-5869 — CVSS 9.1 (critical): In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify…
CVE-2025-0592 — CVSS 8.8 (high): The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and…
CVE-2019-25719 — CVSS 8.6 (high): Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower…
CVE-2021-34793 — CVSS 8.6 (high): A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software…
CVE-2023-6408 — CVSS 8.1 (high): CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a…
CVE-2023-2885 — CVSS 8.1 (high): Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in…
CVE-2021-41034 — CVSS 8.1 (high): The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence…
CVE-2018-7295 — CVSS 8.1 (high): ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During…
CVE-2020-11639 — CVSS 7.8 (high): An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each…
CVE-2026-12576 — CVSS 7.5 (high): DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.
CVE-2024-8933 — CVSS 7.5 (high): CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause…
CVE-2023-49933 — CVSS 7.5 (high): An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During…
CVE-2022-3166 — CVSS 7.5 (high): Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to…
CVE-2024-12399 — CVSS 7.1 (high): CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause…
CVE-2026-39827 — CVSS 6.5 (medium): An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually…
CVE-2021-21390 — CVSS 6.5 (medium): MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO…
CVE-2019-20844 — CVSS 6.5 (medium): An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message…
CVE-2018-14526 — CVSS 6.5 (medium): An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages…
CVE-2015-2968 — CVSS 5.9 (medium): LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application…
CVE-2015-0897 — CVSS 5.9 (medium): LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack…
CVE-2023-22372 — CVSS 5.9 (medium): In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac…
CVE-2023-43297 — CVSS 5.4 (medium): An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
CVE-2024-39229 — CVSS 5.3 (medium): An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X3…
CVE-2024-52288 — CVSS 5.1 (medium): libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust…
CVE-2020-10635 — CVSS 4.3 (medium): Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server…
CVE-2026-54891 — CVSS 3.7 (low): Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl…
CVE-2023-26979 — CVSS 3.1 (low): Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It…
CVE-2021-3716 — CVSS 3.1 (low): A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use…