Skip to main content

CWE-707

Improper Neutralization

171 CVEs Avg CVSS 7.0 MITRE
41
CRITICAL
23
HIGH
105
MEDIUM
2
LOW
89
POC
2
KEV

Monthly

CVE-2026-4249 HIGH PATCH This Week

Persistent denial of service in multiple WSO2 products - including WSO2 API Manager, WSO2 Universal Gateway, WSO2 Traffic Manager, and WSO2 API Control Plane - allows an unauthenticated remote attacker to send malicious JSON payloads to the throttling event handling mechanism, crashing or corrupting API Gateway state so that legitimate API traffic can no longer be processed. Because the outage is persistent and requires manual intervention to restore service, and the CVSS scope is changed (S:C), a single request can take down the entire API Gateway tier. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Denial Of Service Wso2 Universal Gateway Wso2 Traffic Manager Wso2 Api Control Plane Wso2 Api Manager
NVD VulDB
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-66545 LOW PATCH Monitor

A security vulnerability in a group or team. (CVSS 3.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-27712 LOW Monitor

Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-24921 MEDIUM This Month

Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-26633 HIGH POC KEV THREAT Act Now

A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%.

Authentication Bypass Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
7.1%
Threat
4.6
CVE-2024-43572 HIGH KEV PATCH THREAT This Week

Microsoft Management Console Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
61.0%
CVE-2022-4730 PyPI MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4729 PyPI MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4728 PyPI MEDIUM POC PATCH This Month

A vulnerability has been found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4727 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java XSS Appointment Scheduling Module
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Persistent denial of service in multiple WSO2 products - including WSO2 API Manager, WSO2 Universal Gateway, WSO2 Traffic Manager, and WSO2 API Control Plane - allows an unauthenticated remote attacker to send malicious JSON payloads to the throttling event handling mechanism, crashing or corrupting API Gateway state so that legitimate API traffic can no longer be processed. Because the outage is persistent and requires manual intervention to restore service, and the CVSS scope is changed (S:C), a single request can take down the entire API Gateway tier. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Denial Of Service Wso2 Universal Gateway Wso2 Traffic Manager +2
NVD VulDB
EPSS 0% CVSS 3.5
LOW PATCH Monitor

A security vulnerability in a group or team. (CVSS 3.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Nextcloud
NVD GitHub
EPSS 0% CVSS 2.4
LOW Monitor

Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
EPSS 7% 4.6 CVSS 7.0
HIGH POC KEV THREAT Act Now

A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%.

Authentication Bypass Microsoft
NVD Exploit-DB VulDB
EPSS 61% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Microsoft Management Console Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 +14
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

A vulnerability has been found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java XSS Appointment Scheduling Module
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy