Skip to main content

CWE-561

Dead Code

9 CVEs Avg CVSS 5.9 MITRE
2
CRITICAL
1
HIGH
3
MEDIUM
3
LOW
1
POC
0
KEV

Monthly

CVE-2026-44057 LOW Monitor

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-34205 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Deserialization RCE Virtual Appliance Application +1
NVD
CVSS 4.0
9.3
EPSS
4.3%
CVE-2024-8300 HIGH This Week

Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-32634 MEDIUM This Month

In huge memory get unmapped area check, code can never be reached because of a logical contradiction. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Asr3603 Firmware Asr1607 Firmware Asr1803Sc Firmware Asr3602 Firmware +9
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-33726 LOW Monitor

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33685 MEDIUM This Month

Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-30748 MEDIUM This Month

Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25398 LOW Monitor

Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bixby Voice
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2018-0039 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.0%
EPSS 0% CVSS 3.1
LOW Monitor

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.

Information Disclosure Netatalk
NVD
EPSS 4% CVSS 9.3
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Deserialization +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In huge memory get unmapped area check, code can never be reached because of a logical contradiction. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Asr3603 Firmware Asr1607 Firmware +11
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bixby Voice
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Juniper +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy