Skip to main content

CWE-115

Misinterpretation of Input

22 CVEs Avg CVSS 6.2 MITRE
1
CRITICAL
7
HIGH
13
MEDIUM
1
LOW
5
POC
0
KEV

Monthly

CVE-2026-42004 LOW PATCH Monitor

EDNS OPT filter bypass in DNSdist exposes backend DNS servers to EDNS extension options that DNSdist was configured to suppress. The flaw is triggered specifically by the EDNS Client Subnet (ECS) insertion code path, which silently normalizes a crafted malformed OPT record - one that evaded DNSdist's filter - into a syntactically valid OPT record forwarded to the upstream backend. No public exploit code exists and no active exploitation has been confirmed; CVSS rates this Low (3.7) reflecting both the high attack complexity and the limited integrity-only impact.

Information Disclosure
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-12491 PyPI MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Ai Inference Server Red Hat Enterprise Linux Ai Rhel Ai 3 Red Hat Openshift Ai Rhoai
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-5826 MEDIUM This Month

CVE-2025-5826 is a security vulnerability (CVSS 6.3) that allows network-adjacent attackers. Remediation should follow standard vulnerability management procedures.

Code Injection Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Ultra Firmware Maxicharger Dc Hipower Firmware Maxicharger Dc Compact Pedestal Firmware +5
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2025-5747 HIGH This Week

Remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices caused by improper frame parsing in the Microcontroller Unit (MCU) firmware. Network-adjacent attackers with valid authentication credentials can exploit a frame start detection flaw to misinterpret command input and execute arbitrary code with full device privileges. While no public exploit code or active KEV listing is confirmed from the provided data, the CVSS 8.0 score and requirement for authentication (not public network access) suggest moderate real-world exploitability; however, this should be verified against EPSS scores and vendor advisories for actual threat intelligence integration.

RCE Level 2 Ev Charger Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2025-32908 HIGH PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-11169 HIGH POC PATCH This Month

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2025-22870 Go MEDIUM PATCH This Month

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-25069 MEDIUM PATCH This Month

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Redis Kvrocks Suse
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0880 PHP MEDIUM POC PATCH This Month

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-20915 HIGH This Week

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
EPSS 0% CVSS 3.7
LOW PATCH Monitor

EDNS OPT filter bypass in DNSdist exposes backend DNS servers to EDNS extension options that DNSdist was configured to suppress. The flaw is triggered specifically by the EDNS Client Subnet (ECS) insertion code path, which silently normalizes a crafted malformed OPT record - one that evaded DNSdist's filter - into a syntactically valid OPT record forwarded to the upstream backend. No public exploit code exists and no active exploitation has been confirmed; CVSS rates this Low (3.7) reflecting both the high attack complexity and the limited integrity-only impact.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Ai Inference Server Red Hat Enterprise Linux Ai Rhel Ai 3 +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

CVE-2025-5826 is a security vulnerability (CVSS 6.3) that allows network-adjacent attackers. Remediation should follow standard vulnerability management procedures.

Code Injection Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Ultra Firmware +7
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices caused by improper frame parsing in the Microcontroller Unit (MCU) firmware. Network-adjacent attackers with valid authentication credentials can exploit a frame start detection flaw to misinterpret command input and execute arbitrary code with full device privileges. While no public exploit code or active KEV listing is confirmed from the provided data, the CVSS 8.0 score and requirement for authentication (not public network access) suggest moderate real-world exploitability; however, this should be verified against EPSS scores and vendor advisories for actual threat intelligence integration.

RCE Level 2 Ev Charger Firmware
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Month

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Redis +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy