Skip to main content

CWE-475

Undefined Behavior for Input to API

10 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
5
HIGH
5
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2026-42009 HIGH PATCH This Week

Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.

Denial Of Service Gnutls Hardened Images Openshift Container Platform Enterprise Linux +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47866 MEDIUM PATCH This Month

An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.

File Upload Apex Central
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47865 HIGH PATCH This Week

Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.

RCE Trend Micro LFI Apex Central
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-10569 PyPI HIGH POC This Week

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gradio
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-3099 PyPI MEDIUM POC PATCH This Month

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20380 HIGH This Week

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4875 MEDIUM PATCH This Month

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mutt Debian Linux
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-4874 MEDIUM This Month

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mutt Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2253 Go MEDIUM PATCH This Month

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openshift Api For Data Protection Openshift Container Platform Openshift Developer Tools And Services
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-7925 HIGH This Week

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
7.5
EPSS
1.7%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.

Denial Of Service Gnutls Hardened Images +12
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.

File Upload Apex Central
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.

RCE Trend Micro LFI +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gradio
NVD
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mutt Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mutt Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openshift Api For Data Protection Openshift Container Platform +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy