CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-50950 Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensiti... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-34306 Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability all... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-30452 Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-5265 When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total lengt... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32398 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet โ For WooCommerce woo-wallet allows Leveraging Race Conditions.This ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-34315 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0.... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24957 Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-41062 WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the UR... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36424 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-47402 Transient DOS when processing a received frame with an excessively large authentication information element. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36407 IBMยฎ Db2ยฎ is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-12899 A flaw in Zephyrโs network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential info... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36387 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-67973 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-28104 Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a throu... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-67189 A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates m... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-42521 Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategie... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-32223 Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-3773 The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-6080 The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-22740 A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully pro... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-27069 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-4666 The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled input in the `edit()` method of `classes/... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-34939 PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24514 A security issue was discovered in ingress-nginxย where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission co... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-62043 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32460 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting I... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-70311 JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack. | 6.5 | MEDIUM | โ | 0 |
| CVE-2020-37115 GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive info... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-27925 Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-40924 Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MD... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32454 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a th... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-40889 Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Vers... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32450 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DO... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32449 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32448 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.T... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39633 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-0948 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 be... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32443 Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooComm... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-14150 IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server resp... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32431 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bul... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32430 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.Th... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-2668 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)ย 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted qu... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32958 SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39377 The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intende... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32429 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue a... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32941 Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuar... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36001 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL state... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-6833 The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | 6.5 | MEDIUM | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.