Skip to main content

CWE-123

Write-what-where Condition

44 CVEs Avg CVSS 7.9 MITRE
8
CRITICAL
25
HIGH
9
MEDIUM
1
LOW
11
POC
0
KEV

Monthly

CVE-2026-47473 HIGH This Week

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-30121 npm CRITICAL PATCH GHSA Act Now

Arbitrary file write in remotion-dev Remotion v4.0.409 allows remote attackers to write attacker-controlled content to arbitrary filesystem locations without authentication, per the CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) and CWE-123 (Write-what-where) classification. Remotion is a React-based programmatic video rendering framework, and the flaw can lead to integrity and availability compromise of the host running the rendering engine. No public exploit identified at time of analysis, and the EPSS score of 0.15% (4th percentile) indicates low predicted exploitation likelihood despite the high CVSS score.

Information Disclosure N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-45257 HIGH This Week

Page-cache corruption in FreeBSD's kTLS-RX subsystem (CVE-2026-45257 / FreeBSD-SA-26:26.kTLS) enables an unprivileged local user to overwrite arbitrary bytes in the backing physical page of any world-readable file, including SUID-root binaries, by exploiting in-place AES-GCM decryption running directly over sendfile(2)-produced EXTPG mbufs via the kernel direct map (DMAP). The write bypasses the VFS layer entirely, defeating file permissions, mount options, and chflags schg immutable flags - making this the FreeBSD functional equivalent of Linux CVE-2022-0847 (Dirty Pipe). A public exploit (bumsrakete.c) is included in the oss-security disclosure and achieves reliable root LPE in approximately 1.5 seconds on default FreeBSD 13.0 through 15.0 on amd64, arm64, and riscv; no public KEV listing has been identified at time of analysis.

Authentication Bypass Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-46323 HIGH PATCH This Week

Use-after-free in the Linux kernel's Generic Receive Offload (GRO) networking path allows local attackers to corrupt kernel memory and potentially achieve privilege escalation or denial of service. The flaw stems from skb_gro_receive() merging fragment lists between socket buffers without honoring the SKBFL_MANAGED_FRAG_REFS zero-copy flag, leaving page refcounts inconsistent. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (5th percentile).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46300 HIGH POC PATCH CISA NEWS Act Now

Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community.

Privilege Escalation Linux
NVD VulDB GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2026-41952 HIGH PATCH This Week

Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

Microsoft Privilege Escalation
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-14857 MEDIUM This Month

Stack memory write protection bypass in Semtech LoRa LR11xx transceiver firmware allows physical attackers with SPI interface access to overwrite the program call stack and achieve limited arbitrary code execution during an active session. The vulnerability affects LR1110, LR1120, and LR1121 devices running early firmware versions; however, impact is constrained to the current attack session because secure boot prevents persistent firmware modification, cryptographic keys remain isolated, and all changes revert upon device reboot or loss of physical access. CVSS 5.4 (moderate) reflects the physical attack requirement despite high confidentiality and integrity impact.

RCE Lr1110 Lr1120 Lr1121
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-69809 CRITICAL Act Now

A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.

RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-29943 Monitor

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-9900 HIGH PATCH This Week

A flaw was found in Libtiff. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH This Week

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure +1
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Arbitrary file write in remotion-dev Remotion v4.0.409 allows remote attackers to write attacker-controlled content to arbitrary filesystem locations without authentication, per the CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) and CWE-123 (Write-what-where) classification. Remotion is a React-based programmatic video rendering framework, and the flaw can lead to integrity and availability compromise of the host running the rendering engine. No public exploit identified at time of analysis, and the EPSS score of 0.15% (4th percentile) indicates low predicted exploitation likelihood despite the high CVSS score.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Page-cache corruption in FreeBSD's kTLS-RX subsystem (CVE-2026-45257 / FreeBSD-SA-26:26.kTLS) enables an unprivileged local user to overwrite arbitrary bytes in the backing physical page of any world-readable file, including SUID-root binaries, by exploiting in-place AES-GCM decryption running directly over sendfile(2)-produced EXTPG mbufs via the kernel direct map (DMAP). The write bypasses the VFS layer entirely, defeating file permissions, mount options, and chflags schg immutable flags - making this the FreeBSD functional equivalent of Linux CVE-2022-0847 (Dirty Pipe). A public exploit (bumsrakete.c) is included in the oss-security disclosure and achieves reliable root LPE in approximately 1.5 seconds on default FreeBSD 13.0 through 15.0 on amd64, arm64, and riscv; no public KEV listing has been identified at time of analysis.

Authentication Bypass Freebsd
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's Generic Receive Offload (GRO) networking path allows local attackers to corrupt kernel memory and potentially achieve privilege escalation or denial of service. The flaw stems from skb_gro_receive() merging fragment lists between socket buffers without honoring the SKBFL_MANAGED_FRAG_REFS zero-copy flag, leaving page refcounts inconsistent. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (5th percentile).

Linux Information Disclosure
NVD VulDB
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community.

Privilege Escalation Linux
NVD VulDB GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

Microsoft Privilege Escalation
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stack memory write protection bypass in Semtech LoRa LR11xx transceiver firmware allows physical attackers with SPI interface access to overwrite the program call stack and achieve limited arbitrary code execution during an active session. The vulnerability affects LR1110, LR1120, and LR1121 devices running early firmware versions; however, impact is constrained to the current attack session because secure boot prevents persistent firmware modification, cryptographic keys remain isolated, and all changes revert upon device reboot or loss of physical access. CVSS 5.4 (moderate) reflects the physical attack requirement despite high confidentiality and integrity impact.

RCE Lr1110 Lr1120 +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.

RCE
NVD GitHub VulDB
EPSS 0%
Monitor

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A flaw was found in Libtiff. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy