CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-32602 Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create multiple user accounts... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma chara... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-33720 n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-27814 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase → 3-phase switch request (`ac_switch_three_phases_while_charging`) during char... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by chan... | 4.2 | MEDIUM | No | 0 |
| CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user acc... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-39413 LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying '... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-35624 OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms t... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-26072 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is E... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-3532 Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | 4.2 | MEDIUM | No | 0 |
| CVE-2026-35041 fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular ... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-24318 Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unautho... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-33248 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to deri... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-26071 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access, with heap-use-after-free possible. This is triggered by EVCCID update... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-5107 A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation lea... | 4.2 | MEDIUM | No | 0 |
| CVE-2026-35601 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT v... | 4.1 | MEDIUM | No | 0 |
| CVE-2025-36373 IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway coul... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-34860 Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 4.1 | MEDIUM | No | 0 |
| CVE-2026-40566 FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeSc... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-33619 PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook deliver... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-39845 Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable t... | 4.1 | MEDIUM | No | 0 |
| CVE-2025-43883 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploi... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-22574 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-34858 UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.1 | MEDIUM | No | 0 |
| CVE-2026-35177 Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, c... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-27683 SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes... | 4.1 | MEDIUM | No | 0 |
| CVE-2026-39566 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data. This issue affects Direc... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-40385 In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. | 4.0 | MEDIUM | No | 0 |
| CVE-2026-40394 Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 sessi... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-40396 Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session re... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-40395 Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-33535 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` intera... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-41282 ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration). | 4.0 | MEDIUM | No | 0 |
| CVE-2026-21767 HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. | 4.0 | MEDIUM | No | 0 |
| CVE-2026-28816 A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does n... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-39316 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) w... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-34553 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and o... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-39572 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retr... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-39314 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-c... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-31804 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Medi... | 4.0 | MEDIUM | No | 0 |
| CVE-2025-14684 IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when writ... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-28882 This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's insta... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-41254 Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | 4.0 | MEDIUM | No | 0 |
| CVE-2026-28826 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox. | 4.0 | MEDIUM | No | 0 |
| CVE-2026-2625 A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, thi... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-40386 In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. | 4.0 | MEDIUM | No | 0 |
| CVE-2026-33555 An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with... | 4.0 | MEDIUM | No | 0 |
| CVE-2026-20607 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data. | 4.0 | MEDIUM | No | 0 |
| CVE-2026-34768 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSetting... | 3.9 | LOW | No | 0 |
| CVE-2025-66037 OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the ... | 3.9 | LOW | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.