Skip to main content

CWE-394

Unexpected Status Code or Return Value

9 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
6
HIGH
2
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-25085 HIGH This Week

Copeland XWEB Pro firmware versions 1.12.1 and earlier suffer from an authentication bypass vulnerability where malformed authentication responses are incorrectly validated as legitimate, allowing unauthenticated remote attackers to gain unauthorized access. The flaw affects multiple XWEB Pro models (500d, 300d, and 500b) with a CVSS score of 8.6 indicating high severity, though no patch is currently available. An attacker exploiting this vulnerability could bypass security controls and potentially access sensitive device functionality without valid credentials.

Authentication Bypass Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-48510 HIGH This Week

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Uprof
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-22854 MEDIUM PATCH This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-23013 HIGH PATCH This Month

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Apple macOS Suse
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2024-1713 HIGH POC This Week

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Plv8
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-48429 LOW PATCH Monitor

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sinec Ins
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2023-25948 HIGH This Week

Server information leak of configuration data when an error is generated in response to a specially crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Honeywell Experion Server Experion Station Engineering Station +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28975 MEDIUM This Month

An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2019-0066 HIGH This Week

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 8.6
HIGH This Week

Copeland XWEB Pro firmware versions 1.12.1 and earlier suffer from an authentication bypass vulnerability where malformed authentication responses are incorrectly validated as legitimate, allowing unauthenticated remote attackers to gain unauthorized access. The flaw affects multiple XWEB Pro models (500d, 300d, and 500b) with a CVSS score of 8.6 indicating high severity, though no patch is currently available. An attacker exploiting this vulnerability could bypass security controls and potentially access sensitive device functionality without valid credentials.

Authentication Bypass Xweb 500d Pro Firmware Xweb 300d Pro Firmware +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Uprof
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Month

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Apple +2
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Plv8
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sinec Ins
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Server information leak of configuration data when an error is generated in response to a specially crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Honeywell Experion Server +3
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy