CWE-754

Total CVEs: 127
Critical: 8
High: 64
Avg CVSS: 6.9

Yearly Trend

2026: 18
2025: 40
2024: 40
2023: 13
2022: 7

Top Affected Vendors

1 Juniper 24
2 Linux 14
3 Mattermost 6
4 Huawei 5
5 Apple 4
6 IBM 4
7 OpenSSL 3
8 Schneider Electric 3
9 Palo Alto Networks 2
10 MediaTek 2

All CWE-754 CVEs (127)

CVE-2026-24054
10.0

A vulnerability in Kata Containers allows malformed container images with no layers to cause the host's block device to be mounted as read-only, poten...

Jan 29, 2026
CVE-2021-0211
10.0

This vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows attackers to send specially crafted BGP FlowSpec messages that cause route...

Jan 15, 2021
CVE-2024-7826
9.8

This vulnerability in Webroot SecureAnywhere's Web Shield component allows attackers to bypass security checks through improper validation of unusual ...

Oct 3, 2024
CVE-2024-3729
9.8

This vulnerability in the Frontend Admin WordPress plugin allows unauthenticated attackers to manipulate form processing functions when the server lac...

May 2, 2024
CVE-2023-37303
9.8

This vulnerability in the CheckUser extension for MediaWiki allows denial-of-service attacks when attempting to block users, causing temporary browser...

Jun 30, 2023
CVE-2022-20130
9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Android devices without user interaction. It affects Android versions...

Jun 15, 2022
CVE-2021-33622
9.8

CVE-2021-33622 is a critical vulnerability in Sylabs Singularity container software where incorrect return value checking allows attackers to bypass s...

Jun 15, 2021
CVE-2020-28037
9.8

This vulnerability in WordPress allows attackers to trigger a fresh installation on an already installed WordPress site, potentially leading to remote...

Nov 2, 2020
CVE-2025-20093
8.2

This vulnerability in Intel 800 Series Ethernet drivers allows authenticated local users to escalate privileges due to improper exception handling. It...

Aug 12, 2025
CVE-2024-11599
8.2

This vulnerability allows unauthenticated attackers to bypass email domain restrictions in Mattermost by submitting specially crafted email addresses ...

Nov 28, 2024
CVE-2025-43715
8.1

This vulnerability allows local users on Windows systems to escalate privileges to SYSTEM during NSIS installer execution. Attackers can exploit a rac...

Apr 17, 2025
CVE-2024-4611
8.1

The AppPresser WordPress plugin has an authentication bypass vulnerability in versions up to 4.3.2. Unauthenticated attackers can log in as any existi...

May 29, 2024
CVE-2025-14322
8.0

This CVE describes a sandbox escape vulnerability in Firefox and Thunderbird's Graphics: CanvasWebGL component due to incorrect boundary conditions. I...

Dec 9, 2025
CVE-2025-24303
7.8

This vulnerability in Intel 800 Series Ethernet drivers allows authenticated local users to escalate privileges due to improper condition checking. It...

Aug 12, 2025
CVE-2024-47727
7.8

This vulnerability in the Linux kernel's TDX (Trust Domain Extensions) implementation allows userspace processes to trick the kernel into performing M...

Oct 21, 2024
CVE-2024-42284
7.8

A buffer overflow vulnerability in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem allows attackers to cause memory corrup...

Aug 17, 2024
CVE-2024-42159
7.8

This CVE is an integer overflow vulnerability in the Linux kernel's mpi3mr SCSI driver. It allows attackers to write beyond allocated memory bounds by...

Jul 30, 2024
CVE-2023-41992
7.8

This CVE describes a privilege escalation vulnerability in Apple operating systems that allows local attackers to gain elevated privileges. It affects...

Sep 21, 2023
CVE-2023-21102
7.8

This vulnerability allows local attackers to bypass shadow stack protection in the Android kernel, potentially leading to privilege escalation without...

May 15, 2023
CVE-2026-25639
7.5

This vulnerability in Axios allows attackers to cause denial of service by providing malicious configuration objects containing __proto__ as an own pr...

Feb 9, 2026
CVE-2025-14840
7.5

This vulnerability in Drupal HTTP Client Manager allows attackers to bypass access controls through forceful browsing, potentially accessing restricte...

Jan 28, 2026
CVE-2025-69420
7.5

A type confusion vulnerability in OpenSSL's TimeStamp Response verification allows attackers to cause denial of service by providing malformed timesta...

Jan 27, 2026
CVE-2026-0227
7.5

An unauthenticated attacker can send specially crafted requests to Palo Alto Networks PAN-OS firewalls, causing them to crash and enter maintenance mo...

Jan 15, 2026
CVE-2025-61976
7.5

CVE-2025-61976 is an improper condition check vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) that allows remote attackers to send specially craft...

Dec 16, 2025
CVE-2025-33201
7.5

NVIDIA Triton Inference Server has a vulnerability where sending excessively large payloads can trigger improper condition checking, potentially causi...

Dec 3, 2025
CVE-2025-60004
7.5

An unauthenticated network attacker can cause a denial-of-service by sending a specific BGP EVPN update message to Juniper Junos OS and Junos OS Evolv...

Oct 9, 2025
CVE-2024-52504
7.5

A vulnerability in Siemens SIPROTEC 4 protection devices allows unauthenticated remote attackers to cause denial of service by exploiting improper han...

Aug 12, 2025
CVE-2025-52931
7.5

The Mattermost Confluence Plugin before version 1.5.0 contains an improper input validation vulnerability that allows attackers to crash the plugin by...

Aug 11, 2025
CVE-2025-24224
7.5

This vulnerability allows a remote attacker to cause unexpected system termination (crash/reboot) on affected Apple devices. It affects multiple Apple...

Jul 30, 2025
CVE-2025-30660
7.5

An unauthenticated attacker can cause denial-of-service on Juniper MX Series routers by sending high rates of specific GRE traffic. This causes the Pa...

Apr 9, 2025
CVE-2025-21594
7.5

This vulnerability in Juniper Networks Junos OS on MX Series routers allows crafted IPv6 traffic to cause a denial of service by permanently blocking ...

Apr 9, 2025
CVE-2025-2704
7.5

This vulnerability allows remote attackers to cause a denial of service in OpenVPN servers by corrupting and replaying network packets during the earl...

Apr 2, 2025
CVE-2024-45650
7.5

IBM Security Verify Directory versions 10.0 through 10.0.3 are vulnerable to denial of service when processing LDAP extended operations. Attackers can...

Jan 31, 2025
CVE-2024-3393
7.5

An unauthenticated attacker can send a malicious DNS packet through a Palo Alto Networks firewall's data plane, causing the firewall to reboot. Repeat...

Dec 27, 2024
CVE-2024-53916
7.5

This vulnerability in OpenStack Neutron allows unprivileged tenants to modify network tags on network objects they don't own due to improper policy en...

Nov 25, 2024
CVE-2024-53432
7.5

This vulnerability allows attackers to cause denial-of-service by crashing applications that use PCL 1.14.1 to process malicious PLY files. Anyone usi...

Nov 21, 2024
CVE-2024-47499
7.5

An unauthenticated attacker can cause denial of service by sending a specially crafted BGP update with a malformed AS PATH attribute to Juniper device...

Oct 11, 2024
CVE-2024-9124
7.5

A denial-of-service vulnerability in Rockwell Automation PowerFlex 600T drives allows attackers to make the device unavailable by overloading it with ...

Oct 8, 2024
CVE-2024-8175
7.5

An unauthenticated remote attacker can cause a denial-of-service (DoS) in CODESYS web servers by triggering invalid memory access. This affects indust...

Sep 25, 2024
CVE-2024-39545
7.5

An unauthenticated attacker can cause a denial of service by sending specially crafted IPsec negotiation packets to Juniper devices running vulnerable...

Jul 11, 2024
CVE-2024-39540
7.5

An unauthenticated attacker can cause a denial-of-service by sending specific valid TCP traffic to affected Juniper devices, triggering a Packet Forwa...

Jul 11, 2024
CVE-2024-21586
7.5

An unauthenticated network attacker can cause a denial-of-service by sending specific valid traffic to vulnerable Juniper SRX and NFX Series devices. ...

Jul 1, 2024
CVE-2024-38461
7.5

This vulnerability in iRODS allows attackers to cause the irodsServerMonPerf component to process a path that isn't a directory, potentially leading t...

Jun 16, 2024
CVE-2024-21614
7.5

An unauthenticated network attacker can crash the Routing Protocol Daemon (RPD) on Juniper Junos OS and Junos OS Evolved by sending a specific Dynamic...

Jan 12, 2024
CVE-2023-44099
7.5

This CVE describes a data verification error vulnerability in a kernel module that affects WLAN functionality. Successful exploitation could cause WLA...

Dec 6, 2023
CVE-2023-46765
7.5

This vulnerability involves uncaught exceptions in the NFC module, which could allow attackers to disrupt NFC functionality. Successful exploitation a...

Nov 8, 2023
CVE-2023-44199
7.5

This vulnerability allows network-based attackers to cause denial of service on Juniper MX Series routers by exploiting improper condition checking in...

Oct 13, 2023
CVE-2022-25024
7.5

CVE-2022-25024 is a denial-of-service vulnerability in the Python json2xml package where malformed input triggers an unhandled exception, crashing the...

Aug 22, 2023
CVE-2023-37899
7.5

Feathers.js Socket.io handler contains an uncaught exception vulnerability where specially crafted messages with invalid toString methods can crash th...

Jul 19, 2023
CVE-2023-36835
7.5

A vulnerability in Juniper Networks Junos OS on QFX10000 Series allows a network-based attacker to cause a persistent Denial of Service (DoS) by sendi...

Jul 14, 2023

About CWE-754

Our database tracks 127 CVEs classified as CWE-754, with 8 rated critical and 64 rated high severity. The average CVSS score for CWE-754 vulnerabilities is 6.9.

External reference: View CWE-754 on MITRE CWE →
