Skip to main content

CWE-1025

Comparison Using Wrong Factors

9 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
4
HIGH
4
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-9800 HIGH PATCH This Week

Authorization bypass in the Keycloak Policy Enforcer allows any authenticated user to circumvent all enforced access controls - role, scope, and User-Managed Access (UMA) permission checks - by embedding the configured access-denied page path inside a request URL as a path segment or query parameter. The affected component ships in the Red Hat Build of Keycloak, and successful exploitation grants unauthorized access to protected resources. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Red Hat Build Of Keycloak
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-48860 HIGH PATCH This Week

Authentication bypass in Erlang/OTP's TLS distribution module (inet_tls_dist) lets any attacker holding a TLS certificate signed by a CA in the node's trust store gain full Erlang distribution access, including remote code execution via rpc:call/4 and code:load_binary/3. The flaw stems from check_ip/1 inspecting the local socket address (inet:sockname/1) instead of the peer's address (inet:peername/1), so the LAN-allowlist subnet comparison always matches. No public exploit identified at time of analysis, but the one-line root cause is fully disclosed in the upstream fix commit.

Authentication Bypass Otp Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-40880 Cargo HIGH PATCH GHSA This Week

Consensus-breaking cache logic error in Zcash Zebra node software (all versions <4.3.1) allows malicious miners to partition the network by mining blocks containing height-invalid transactions. By submitting a transaction valid at height H+1 but invalid at H+2, then mining it into block H+2 and submitting that block before H+1, attackers trigger cached verification bypass-vulnerable Zebra nodes accept the invalid block while honest nodes reject it, creating a consensus split. This enables double-spend attacks against isolated nodes. EPSS data unavailable; not in CISA KEV. Classified as CWE-1025 (comparison logic error). Fixed in Zebra 4.3.1 by removing the risky cache optimization entirely.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-40227 MEDIUM PATCH This Month

Denial of service in systemd 260 allows local unprivileged users to crash the systemd daemon by triggering an assert via IPC API calls containing arrays or maps with null elements. The vulnerability affects systemd versions 260 through 260, with no public exploit code identified at time of analysis. EPSS score of 6.2 reflects moderate real-world risk due to local-only attack vector and non-privileged requirements.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-32464 MEDIUM PATCH This Month

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
3.3%
CVE-2025-2888 Cargo MEDIUM PATCH This Month

During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Tough
NVD GitHub
CVSS 4.0
5.7
EPSS
0.2%
CVE-2025-2887 Cargo MEDIUM PATCH This Month

During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Tough
NVD GitHub
CVSS 4.0
5.7
EPSS
0.2%
CVE-2025-27839 LOW Monitor

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
3.2
EPSS
0.1%
CVE-2024-20342 HIGH This Week

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Snort Firepower Threat Defense Software
NVD
CVSS 3.1
8.6
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authorization bypass in the Keycloak Policy Enforcer allows any authenticated user to circumvent all enforced access controls - role, scope, and User-Managed Access (UMA) permission checks - by embedding the configured access-denied page path inside a request URL as a path segment or query parameter. The affected component ships in the Red Hat Build of Keycloak, and successful exploitation grants unauthorized access to protected resources. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Red Hat Build Of Keycloak
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Authentication bypass in Erlang/OTP's TLS distribution module (inet_tls_dist) lets any attacker holding a TLS certificate signed by a CA in the node's trust store gain full Erlang distribution access, including remote code execution via rpc:call/4 and code:load_binary/3. The flaw stems from check_ip/1 inspecting the local socket address (inet:sockname/1) instead of the peer's address (inet:peername/1), so the LAN-allowlist subnet comparison always matches. No public exploit identified at time of analysis, but the one-line root cause is fully disclosed in the upstream fix commit.

Authentication Bypass Otp Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Consensus-breaking cache logic error in Zcash Zebra node software (all versions <4.3.1) allows malicious miners to partition the network by mining blocks containing height-invalid transactions. By submitting a transaction valid at height H+1 but invalid at H+2, then mining it into block H+2 and submitting that block before H+1, attackers trigger cached verification bypass-vulnerable Zebra nodes accept the invalid block while honest nodes reject it, creating a consensus split. This enables double-spend attacks against isolated nodes. EPSS data unavailable; not in CISA KEV. Classified as CWE-1025 (comparison logic error). Fixed in Zebra 4.3.1 by removing the risky cache optimization entirely.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial of service in systemd 260 allows local unprivileged users to crash the systemd daemon by triggering an assert via IPC API calls containing arrays or maps with null elements. The vulnerability affects systemd versions 260 through 260, with no public exploit code identified at time of analysis. EPSS score of 6.2 reflects moderate real-world risk due to local-only attack vector and non-privileged requirements.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Tough
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Tough
NVD GitHub
EPSS 0% CVSS 3.2
LOW Monitor

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Snort +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy