Skip to main content

CWE-662

Improper Synchronization

21 CVEs Avg CVSS 6.0 MITRE
1
CRITICAL
5
HIGH
12
MEDIUM
3
LOW
4
POC
0
KEV

Monthly

CVE-2026-13489 LOW POC PATCH Monitor

Improper response routing in xiaozhi-esp32 firmware up to version 2.2.6 allows any authenticated WebSocket client to receive MCP (Model Context Protocol) responses intended for other connected clients, enabling cross-client information disclosure and low-integrity interference. The flaw resides in the ParseMessage function within main/mcp_server.cc, where the MCP Response Handler broadcasts responses globally to all connected WebSocket clients on port 8080 rather than routing replies back to the originating client. A public proof-of-concept is available via GitHub issue #2020; no active exploitation has been confirmed in CISA KEV, and the CVSS 4.0 score of 2.3 reflects high attack complexity and limited overall impact in this niche IoT context.

Information Disclosure Xiaozhi Esp32
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.2%
CVE-2025-22853 LOW Monitor

Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
1.8
EPSS
0.0%
CVE-2025-27104 PyPI LOW POC PATCH Monitor

vyper is a Pythonic Smart Contract Language for the EVM. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-7409 HIGH This Week

A flaw was found in the QEMU NBD Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-32644 Go CRITICAL PATCH Act Now

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Evmos
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-20625 MEDIUM This Month

In adsp, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20611 MEDIUM This Month

In gpu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20610 MEDIUM This Month

In display drm, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20607 MEDIUM This Month

In ccu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-32610 MEDIUM This Month

In vcu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
EPSS 0% CVSS 1.3
LOW POC PATCH Monitor

Improper response routing in xiaozhi-esp32 firmware up to version 2.2.6 allows any authenticated WebSocket client to receive MCP (Model Context Protocol) responses intended for other connected clients, enabling cross-client information disclosure and low-integrity interference. The flaw resides in the ParseMessage function within main/mcp_server.cc, where the MCP Response Handler broadcasts responses globally to all connected WebSocket clients on port 8080 rather than routing replies back to the originating client. A public proof-of-concept is available via GitHub issue #2020; no active exploitation has been confirmed in CISA KEV, and the CVSS 4.0 score of 2.3 reflects high attack complexity and limited overall impact in this niche IoT context.

Information Disclosure Xiaozhi Esp32
NVD VulDB GitHub
EPSS 0% CVSS 1.8
LOW Monitor

Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 2.3
LOW POC PATCH Monitor

vyper is a Pythonic Smart Contract Language for the EVM. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in the QEMU NBD Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Evmos
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

In adsp, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In gpu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In display drm, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In ccu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In vcu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy