CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-1330 MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | 7.5 | HIGH | — | 0 |
| CVE-2025-63653 An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the s... | 7.5 | HIGH | — | 0 |
| CVE-2025-63652 A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server... | 7.5 | HIGH | — | 0 |
| CVE-2025-8590 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 070... | 7.5 | HIGH | — | 0 |
| CVE-2025-62603 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that car... | 7.5 | HIGH | — | 0 |
| CVE-2026-32285 The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. | 7.5 | HIGH | — | 0 |
| CVE-2026-22260 Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use def... | 7.5 | HIGH | — | 0 |
| CVE-2026-22259 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25349 ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-c... | 7.5 | HIGH | — | 0 |
| CVE-2026-22258 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process... | 7.5 | HIGH | — | 0 |
| CVE-2026-40586 blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed wi... | 7.5 | HIGH | — | 0 |
| CVE-2025-68017 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affe... | 7.5 | HIGH | — | 0 |
| CVE-2026-1483 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68035 Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1482 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1481 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1480 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-25614 Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680. | 7.5 | HIGH | — | 0 |
| CVE-2026-1479 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37015 Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameter... | 7.5 | HIGH | — | 0 |
| CVE-2026-6784 Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to... | 7.5 | HIGH | — | 0 |
| CVE-2026-39320 Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within t... | 7.5 | HIGH | — | 0 |
| CVE-2025-68841 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder topper... | 7.5 | HIGH | — | 0 |
| CVE-2026-6780 Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150. | 7.5 | HIGH | — | 0 |
| CVE-2026-24455 The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive ... | 7.5 | HIGH | — | 0 |
| CVE-2026-6766 Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | 7.5 | HIGH | — | 0 |
| CVE-2026-22888 Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product. | 7.5 | HIGH | — | 0 |
| CVE-2026-1478 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1477 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1476 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1475 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1474 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68905 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.Th... | 7.5 | HIGH | — | 0 |
| CVE-2020-36995 Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User'... | 7.5 | HIGH | — | 0 |
| CVE-2025-68907 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7... | 7.5 | HIGH | — | 0 |
| CVE-2026-1473 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1472 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-24831 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 7.5 | HIGH | — | 0 |
| CVE-2025-69420 Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NU... | 7.5 | HIGH | — | 0 |
| CVE-2025-68913 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion... | 7.5 | HIGH | — | 0 |
| CVE-2026-21626 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure | 7.5 | HIGH | — | 0 |
| CVE-2026-39408 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG() allows files to be written outside the configured output direc... | 7.5 | HIGH | — | 0 |
| CVE-2022-50978 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP). | 7.5 | HIGH | — | 0 |
| CVE-2022-50977 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | 7.5 | HIGH | — | 0 |
| CVE-2025-70758 chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.p... | 7.5 | HIGH | — | 0 |
| CVE-2020-36939 Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disa... | 7.5 | HIGH | — | 0 |
| CVE-2025-68048 Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite... | 7.5 | HIGH | — | 0 |
| CVE-2026-6747 Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | 7.5 | HIGH | — | 0 |
| CVE-2020-37085 VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit... | 7.5 | HIGH | — | 0 |
| CVE-2026-22356 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue a... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.