Skip to main content

CWE-229

Improper Handling of Values

14 CVEs Avg CVSS 6.6 MITRE
1
CRITICAL
4
HIGH
7
MEDIUM
1
LOW
4
POC
0
KEV

Monthly

CVE-2026-45602 CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-4736 HIGH PATCH This Week

Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers with low privileges to achieve high-impact confidentiality, integrity, and availability violations through manipulation of nf_tables, nft_byteorder, or nft_meta components. The vulnerability requires local access and specific conditions to exploit but poses significant risk to system security with confirmed patch availability.

Information Disclosure Echo Mate
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-31648 LOW Monitor

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 3.9 LOW]

Privilege Escalation
NVD VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-7964 Monitor

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.

Information Disclosure
NVD
EPSS
0.1%
CVE-2025-20268 MEDIUM This Month

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2024-20431 MEDIUM This Month

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-39531 HIGH This Week

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-30800 MEDIUM POC PATCH This Month

PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Rated medium severity (CVSS 5.6). Public exploit code available.

Information Disclosure Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-30917 MEDIUM POC This Month

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-29460 MEDIUM POC This Month

An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers with low privileges to achieve high-impact confidentiality, integrity, and availability violations through manipulation of nf_tables, nft_byteorder, or nft_meta components. The vulnerability requires local access and specific conditions to exploit but poses significant risk to system security with confirmed patch availability.

Information Disclosure Echo Mate
NVD GitHub VulDB
EPSS 0% CVSS 3.9
LOW Monitor

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 3.9 LOW]

Privilege Escalation
NVD VulDB
EPSS 0%
Monitor

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.

Information Disclosure
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 5.6
MEDIUM POC PATCH This Month

PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Rated medium severity (CVSS 5.6). Public exploit code available.

Information Disclosure Px4 Drone Autopilot
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast Dds
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM POC This Month

An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Px4 Drone Autopilot
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy