Vulnerabilities > Cloudflare > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-01 | CVE-2025-4144 | Unspecified vulnerability in Cloudflare Workers-Oauth-Provider 0.0.5 PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . | 9.8 |
| 2022-12-27 | CVE-2014-125026 | Out-of-bounds Write vulnerability in Cloudflare Golz4 LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. | 9.8 |
| 2022-10-28 | CVE-2022-3320 | Missing Authorization vulnerability in Cloudflare Warp It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. | 9.8 |
| 2021-11-11 | CVE-2021-3907 | Path Traversal vulnerability in multiple products OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. | 9.8 |