CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-5332 A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross... | 3.5 | LOW | β | 0 |
| CVE-2026-40334 libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The functio... | 3.5 | LOW | β | 0 |
| CVE-2026-5806 A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cros... | 3.5 | LOW | β | 0 |
| CVE-2026-40341 libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input fr... | 3.5 | LOW | β | 0 |
| CVE-2026-3254 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into... | 3.5 | LOW | β | 0 |
| CVE-2026-6743 A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remo... | 3.5 | LOW | β | 0 |
| CVE-2026-6745 A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scriptin... | 3.5 | LOW | β | 0 |
| CVE-2026-6600 A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of t... | 3.5 | LOW | β | 0 |
| CVE-2026-4626 A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cr... | 3.5 | LOW | β | 0 |
| CVE-2026-5568 A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site script... | 3.5 | LOW | β | 0 |
| CVE-2026-6619 A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview... | 3.5 | LOW | β | 0 |
| CVE-2026-35679 Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometim... | 3.5 | LOW | β | 0 |
| CVE-2026-6593 A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross... | 3.5 | LOW | β | 0 |
| CVE-2026-6592 A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation... | 3.5 | LOW | β | 0 |
| CVE-2026-35400 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, ... | 3.5 | LOW | β | 0 |
| CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL da... | 3.4 | LOW | β | 0 |
| CVE-2026-35361 The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std:... | 3.4 | LOW | β | 0 |
| CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access right... | 3.4 | LOW | β | 0 |
| CVE-2026-5456 A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the compo... | 3.3 | LOW | β | 0 |
| CVE-2026-5462 A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.... | 3.3 | LOW | β | 0 |
| CVE-2026-5453 A vulnerability has been found in Rico sΓ³ vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.j... | 3.3 | LOW | β | 0 |
| CVE-2026-21727 --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" ... | 3.3 | LOW | β | 0 |
| CVE-2026-5455 A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file fileΒ res/raw/config.json of the component ca.diagram.dialogue. Executing ... | 3.3 | LOW | β | 0 |
| CVE-2026-5452 A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This mani... | 3.3 | LOW | β | 0 |
| CVE-2025-43236 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected ap... | 3.3 | LOW | β | 0 |
| CVE-2026-5457 A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of t... | 3.3 | LOW | β | 0 |
| CVE-2026-5454 A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file fileΒ res/raw/app.json of the component co.gridapp.organiser. Performing a manipulati... | 3.3 | LOW | β | 0 |
| CVE-2026-5471 A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.... | 3.3 | LOW | β | 0 |
| CVE-2026-5458 A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.... | 3.3 | LOW | β | 0 |
| CVE-2026-28264 Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentia... | 3.3 | LOW | β | 0 |
| CVE-2026-40505 MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ... | 3.3 | LOW | β | 0 |
| CVE-2026-35379 A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space chara... | 3.3 | LOW | β | 0 |
| CVE-2026-35353 The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them t... | 3.3 | LOW | β | 0 |
| CVE-2026-35371 The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of... | 3.3 | LOW | β | 0 |
| CVE-2026-35367 The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically... | 3.3 | LOW | β | 0 |
| CVE-2026-35342 The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementat... | 3.3 | LOW | β | 0 |
| CVE-2026-35381 A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The imp... | 3.3 | LOW | β | 0 |
| CVE-2026-35378 A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw ... | 3.3 | LOW | β | 0 |
| CVE-2026-35346 The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 by... | 3.3 | LOW | β | 0 |
| CVE-2026-35377 A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quote... | 3.3 | LOW | β | 0 |
| CVE-2026-35344 The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special ... | 3.3 | LOW | β | 0 |
| CVE-2026-6830 nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next pro... | 3.3 | LOW | β | 0 |
| CVE-2026-35373 A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). Whil... | 3.3 | LOW | β | 0 |
| CVE-2026-35375 A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() whe... | 3.3 | LOW | β | 0 |
| CVE-2026-34766 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callbac... | 3.3 | LOW | β | 0 |
| CVE-2026-29179 October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and T... | 3.3 | LOW | β | 0 |
| CVE-2026-35343 The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fla... | 3.3 | LOW | β | 0 |
| CVE-2026-6042 A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results i... | 3.3 | LOW | β | 0 |
| CVE-2026-35094 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection clea... | 3.3 | LOW | β | 0 |
| CVE-2026-20684 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks. | 3.3 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.