Skip to main content

CWE-179

Incorrect Behavior Order: Early Validation

5 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
3
HIGH
1
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-49414 HIGH This Week

Local ASLR bypass in the FreeBSD ELF image activator (kernel) lets an unprivileged user neutralize address-space layout randomization for setuid PIE binaries. By calling procctl(2) to request ASLR disablement before execve(2), the per-process disable flag remains active when the PIE base address is computed, because the activator clears the flag too late. This is a mitigation-weakening flaw that materially eases exploitation of any separate memory-corruption bug in those privileged binaries; there is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile).

Buffer Overflow Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-3832 LOW PATCH Monitor

GnuTLS with OCSP verification enabled incorrectly accepts revoked server certificates when presented with specially crafted multi-record OCSP responses during TLS handshakes, allowing attackers to bypass certificate revocation checks and establish connections to compromised servers. The vulnerability requires high attack complexity and specific OCSP configuration, affecting Red Hat Enterprise Linux 6-10, Red Hat Hardened Images, and OpenShift Container Platform 4. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-4759 npm MEDIUM POC PATCH This Month

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Lockfile Lint Api
NVD GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2024-41686 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2022-1271 HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid Debian Linux Xz
NVD
CVSS 3.1
8.8
EPSS
4.3%
EPSS 0% CVSS 7.8
HIGH This Week

Local ASLR bypass in the FreeBSD ELF image activator (kernel) lets an unprivileged user neutralize address-space layout randomization for setuid PIE binaries. By calling procctl(2) to request ASLR disablement before execve(2), the per-process disable flag remains active when the PIE base address is computed, because the activator clears the flag too late. This is a mitigation-weakening flaw that materially eases exploitation of any separate memory-corruption bug in those privileged binaries; there is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile).

Buffer Overflow Freebsd
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

GnuTLS with OCSP verification enabled incorrectly accepts revoked server certificates when presented with specially crafted multi-record OCSP responses during TLS handshakes, allowing attackers to bypass certificate revocation checks and establish connections to compromised servers. The vulnerability requires high attack complexity and specific OCSP configuration, affecting Red Hat Enterprise Linux 6-10, Red Hat Hardened Images, and OpenShift Container Platform 4. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Lockfile Lint Api
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy