CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-2629 A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TT... | 7.3 | HIGH | β | 0 |
| CVE-2026-6602 A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The man... | 7.3 | HIGH | β | 0 |
| CVE-2026-27396 Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6596 A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component A... | 7.3 | HIGH | β | 0 |
| CVE-2026-6580 A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipul... | 7.3 | HIGH | β | 0 |
| CVE-2026-6577 A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-6569 A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of... | 7.3 | HIGH | β | 0 |
| CVE-2026-6568 A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Han... | 7.3 | HIGH | β | 0 |
| CVE-2025-67849 A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. W... | 7.3 | HIGH | β | 0 |
| CVE-2026-6562 A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql ... | 7.3 | HIGH | β | 0 |
| CVE-2026-4200 A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/co... | 7.3 | HIGH | β | 0 |
| CVE-2025-52541 A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.3 | HIGH | β | 0 |
| CVE-2026-4201 A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com... | 7.3 | HIGH | β | 0 |
| CVE-2026-3969 A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Modul... | 7.3 | HIGH | β | 0 |
| CVE-2026-6621 A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly contr... | 7.3 | HIGH | β | 0 |
| CVE-2026-21248 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | β | 0 |
| CVE-2026-6605 A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Serv... | 7.3 | HIGH | β | 0 |
| CVE-2026-6604 A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modali... | 7.3 | HIGH | β | 0 |
| CVE-2026-6603 A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_... | 7.3 | HIGH | β | 0 |
| CVE-2026-1545 A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can ... | 7.3 | HIGH | β | 0 |
| CVE-2026-1701 A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument... | 7.3 | HIGH | β | 0 |
| CVE-2026-1688 A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument U... | 7.3 | HIGH | β | 0 |
| CVE-2026-5935 IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMCΒ could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due t... | 7.3 | HIGH | β | 0 |
| CVE-2025-14362 The login limit is not enforced on theΒ SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key... | 7.3 | HIGH | β | 0 |
| CVE-2026-35603 Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without val... | 7.3 | HIGH | β | 0 |
| CVE-2026-1687 A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-2012 A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argum... | 7.3 | HIGH | β | 0 |
| CVE-2026-2011 A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument I... | 7.3 | HIGH | β | 0 |
| CVE-2026-24925 Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | β | 0 |
| CVE-2026-4191 A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricte... | 7.3 | HIGH | β | 0 |
| CVE-2026-4190 A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-2991 The KiviCare β Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin(... | 7.3 | HIGH | β | 0 |
| CVE-2026-2057 A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sq... | 7.3 | HIGH | β | 0 |
| CVE-2026-2217 A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in sq... | 7.3 | HIGH | β | 0 |
| CVE-2025-67850 A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A rem... | 7.3 | HIGH | β | 0 |
| CVE-2026-2212 A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation... | 7.3 | HIGH | β | 0 |
| CVE-2026-30616 Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6625 A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/j... | 7.3 | HIGH | β | 0 |
| CVE-2026-2199 A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Pe... | 7.3 | HIGH | β | 0 |
| CVE-2026-2198 A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipul... | 7.3 | HIGH | β | 0 |
| CVE-2026-2197 A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of ... | 7.3 | HIGH | β | 0 |
| CVE-2026-2196 A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-2060 A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Perf... | 7.3 | HIGH | β | 0 |
| CVE-2026-6629 A vulnerability has been found in Metasoft ηΎηΉθ½―δ»Ά MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation o... | 7.3 | HIGH | β | 0 |
| CVE-2026-38834 Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary c... | 7.3 | HIGH | β | 0 |
| CVE-2026-1422 A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a ma... | 7.3 | HIGH | β | 0 |
| CVE-2026-3693 A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User End... | 7.3 | HIGH | β | 0 |
| CVE-2026-6635 A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. S... | 7.3 | HIGH | β | 0 |
| CVE-2026-2083 A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in ... | 7.3 | HIGH | β | 0 |
| CVE-2025-68043 Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.