CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-35561 Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authenticatio... | 7.4 | HIGH | No | 0 |
| CVE-2026-25205 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. | 7.4 | HIGH | No | 0 |
| CVE-2026-2378 ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web co... | 7.4 | HIGH | No | 0 |
| CVE-2025-33088 IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources. | 7.4 | HIGH | No | 0 |
| CVE-2025-70093 An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. | 7.4 | HIGH | No | 0 |
| CVE-2026-24123 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attac... | 7.4 | HIGH | No | 0 |
| CVE-2026-24052 Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application u... | 7.4 | HIGH | No | 0 |
| CVE-2026-27800 Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/ar... | 7.4 | HIGH | No | 0 |
| CVE-2026-20033 A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vul... | 7.4 | HIGH | No | 0 |
| CVE-2026-27981 HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. It determines the client IP by reading, 1.... | 7.4 | HIGH | No | 0 |
| CVE-2026-33608 An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend ... | 7.4 | HIGH | No | 0 |
| CVE-2026-32631 Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricki... | 7.4 | HIGH | No | 0 |
| CVE-2025-48630 In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no addi... | 7.4 | HIGH | No | 0 |
| CVE-2026-25478 Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used wi... | 7.4 | HIGH | No | 0 |
| CVE-2025-48568 In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ... | 7.4 | HIGH | No | 0 |
| CVE-2026-3026 A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipula... | 7.3 | HIGH | No | 0 |
| CVE-2026-3025 A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.as... | 7.3 | HIGH | No | 0 |
| CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. | 7.3 | HIGH | No | 0 |
| CVE-2025-48634 In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution priv... | 7.3 | HIGH | No | 0 |
| CVE-2026-26194 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the r... | 7.3 | HIGH | No | 0 |
| CVE-2026-21420 Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi... | 7.3 | HIGH | No | 0 |
| CVE-2026-2848 A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Re... | 7.3 | HIGH | No | 0 |
| CVE-2026-2166 A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulatio... | 7.3 | HIGH | No | 0 |
| CVE-2026-27396 Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directory Pro: from n/a through ... | 7.3 | HIGH | No | 0 |
| CVE-2026-21244 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | No | 0 |
| CVE-2026-2621 A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.a... | 7.3 | HIGH | No | 0 |
| CVE-2026-27488 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal ... | 7.3 | HIGH | No | 0 |
| CVE-2026-21247 Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | No | 0 |
| CVE-2026-26276 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone... | 7.3 | HIGH | No | 0 |
| CVE-2026-24672 The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students ... | 7.3 | HIGH | No | 0 |
| CVE-2026-3164 A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sq... | 7.3 | HIGH | No | 0 |
| CVE-2026-3413 A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql i... | 7.3 | HIGH | No | 0 |
| CVE-2026-3153 A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql inject... | 7.3 | HIGH | No | 0 |
| CVE-2026-2629 A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TT... | 7.3 | HIGH | No | 0 |
| CVE-2026-2549 A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. ... | 7.3 | HIGH | No | 0 |
| CVE-2025-33181 NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escal... | 7.3 | HIGH | No | 0 |
| CVE-2026-2212 A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation... | 7.3 | HIGH | No | 0 |
| CVE-2026-2113 A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component ... | 7.3 | HIGH | No | 0 |
| CVE-2026-3200 A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to... | 7.3 | HIGH | No | 0 |
| CVE-2026-6621 A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly contr... | 7.3 | HIGH | No | 0 |
| CVE-2026-1443 A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument... | 7.3 | HIGH | No | 0 |
| CVE-2026-1589 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch cause... | 7.3 | HIGH | No | 0 |
| CVE-2026-25778 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in pred... | 7.3 | HIGH | No | 0 |
| CVE-2026-2938 A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation... | 7.3 | HIGH | No | 0 |
| CVE-2026-3943 A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command... | 7.3 | HIGH | No | 0 |
| CVE-2026-4231 A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Per... | 7.3 | HIGH | No | 0 |
| CVE-2026-3693 A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User End... | 7.3 | HIGH | No | 0 |
| CVE-2026-2013 A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql in... | 7.3 | HIGH | No | 0 |
| CVE-2026-2217 A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in sq... | 7.3 | HIGH | No | 0 |
| CVE-2026-1590 A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql... | 7.3 | HIGH | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.