CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-69565 code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-47901 Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redi... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22708 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mite... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70085 An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_Fi... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25997 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called f... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2249 METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69563 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69872 DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim appl... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69562 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-10969 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24895 FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHPβs CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split ind... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37056 Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP va... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64111 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve rem... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67325 Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37070 CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a spe... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27744 The SPIP tickets plugin versions prior toΒ 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted reque... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37184 Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-21589 An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1019 Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a spec... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24770 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to o... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64155 An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-68705 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3000 IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remot... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14894 Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malic... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26335 Calero VeraSMART versions prior toΒ 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\we... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-50190 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patch... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26369 eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can s... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62877 Projects using the SUSE Virtualization (Harvester) environment mayΒ expose the OS default ssh login passwordΒ Β if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster o... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22189 Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1021 Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-68001 Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <=... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60021 Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14892 The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-35616 A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66277 A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended loc... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-50922 Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can g... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54330 Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets.... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54335 eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload maliciou... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24789 An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70149 CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69258 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supp... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40551 SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the h... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-70892 Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attacke... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-8025 Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This iss... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers c... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24371 Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everyt... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70968 FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.