Skip to main content

CWE-393

Return of Wrong Status Code

6 CVEs Avg CVSS 7.0 MITRE
0
CRITICAL
3
HIGH
3
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-53092 HIGH This Week

Privilege-relevant memory corruption in the Linux kernel eBPF verifier (introduced around v6.11) lets a local user with BPF-loading capability defeat the verifier's range tracking when a register adds to itself (rX += rX), because adjust_reg_min_max_vals() mutates dst_reg in place and then reads the already-modified src_reg, recording a wrong delta that sync_linked_regs() propagates to linked registers. The result is a verifier-vs-runtime mismatch - the verifier reasons about register bounds that differ from actual execution, the classic precursor to out-of-bounds kernel memory access and local privilege escalation. CVSS is 7.8 (High); EPSS is low (0.17%, 6th percentile), there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24531 MEDIUM PATCH This Month

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-5987 HIGH PATCH This Week

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.

OpenSSL Denial Of Service Libssh
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-32414 MEDIUM POC PATCH This Month

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Python Buffer Overflow Libxml2 Red Hat Suse
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-49117 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5401 MEDIUM This Month

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routing Release
NVD
CVSS 3.1
5.3
EPSS
1.0%
EPSS 0% CVSS 7.8
HIGH This Week

Privilege-relevant memory corruption in the Linux kernel eBPF verifier (introduced around v6.11) lets a local user with BPF-loading capability defeat the verifier's range tracking when a register adds to itself (rX += rX), because adjust_reg_min_max_vals() mutates dst_reg in place and then reads the already-modified src_reg, recording a wrong delta that sync_linked_regs() propagates to linked registers. The result is a verifier-vs-runtime mismatch - the verifier reasons about register bounds that differ from actual execution, the classic precursor to out-of-bounds kernel memory access and local privilege escalation. CVSS is 7.8 (High); EPSS is low (0.17%, 6th percentile), there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]

Authentication Bypass Red Hat Suse
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.

OpenSSL Denial Of Service Libssh
NVD
EPSS 0% CVSS 5.6
MEDIUM POC PATCH This Month

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Python Buffer Overflow Libxml2 +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows 11 22h2 +5
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routing Release
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy