Skip to main content

CWE-642

External Control of Critical State Data

7 CVEs Avg CVSS 7.0 MITRE
0
CRITICAL
4
HIGH
3
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2025-49090 HIGH POC PATCH This Week

CVE-2025-49090 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-8754 HIGH This Week

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-22387 MEDIUM This Month

External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-32859 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-1976 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.0.5 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Paloalto Globalprotect
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-9496 HIGH PATCH This Week

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant Fedora
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2018-15382 HIGH This Week

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.0
8.6
EPSS
1.3%
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

CVE-2025-49090 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.0.5 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Paloalto Globalprotect
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Hyperflex Hx Data Platform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy