Skip to main content

CWE-783

Operator Precedence Logic Error

17 CVEs Avg CVSS 7.2 MITRE
2
CRITICAL
10
HIGH
4
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-7270 HIGH This Week

Local privilege escalation in FreeBSD kernel allows authenticated users to gain root privileges through buffer overflow in execve(2) argument handling. The vulnerability stems from an operator precedence bug causing attacker-controlled data to overwrite adjacent execution argument buffers. CISA SSVC framework indicates no active exploitation detected, though the technical impact enables complete system compromise. EPSS probability remains very low (0.02%, 5th percentile), suggesting targeted rather than widespread threat. FreeBSD has released patches across all supported release branches.

Buffer Overflow Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0209 MEDIUM This Month

FlashArray Purity applies snapshot retention policies with timing deviations from configured schedules, allowing authenticated administrators to inadvertently trigger premature or delayed data lifecycle actions. This affects FlashArray versions 5.0.0 through 6.10.0, impacting data retention integrity and compliance posture. The vulnerability requires high administrative privileges to exploit and results in integrity compromise of snapshot management operations.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-25233 CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.

PHP Pearweb
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-24210 MEDIUM This Month

A logic error was addressed with improved error handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27512 Cargo LOW PATCH Monitor

Zincati is an auto-update agent for Fedora CoreOS hosts. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2024-49736 MEDIUM This Month

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-13322 CRITICAL PATCH Act Now

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Android Google
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2024-20480 HIGH This Week

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-27886 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34726 HIGH This Week

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in FreeBSD kernel allows authenticated users to gain root privileges through buffer overflow in execve(2) argument handling. The vulnerability stems from an operator precedence bug causing attacker-controlled data to overwrite adjacent execution argument buffers. CISA SSVC framework indicates no active exploitation detected, though the technical impact enables complete system compromise. EPSS probability remains very low (0.02%, 5th percentile), suggesting targeted rather than widespread threat. FreeBSD has released patches across all supported release branches.

Buffer Overflow Freebsd
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

FlashArray Purity applies snapshot retention policies with timing deviations from configured schedules, allowing authenticated administrators to inadvertently trigger premature or delayed data lifecycle actions. This affects FlashArray versions 5.0.0 through 6.10.0, impacting data retention integrity and compliance posture. The vulnerability requires high administrative privileges to exploit and results in integrity compromise of snapshot management operations.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.

PHP Pearweb
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic error was addressed with improved error handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Zincati is an auto-update agent for Fedora CoreOS hosts. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Android Google
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy