TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 16,448 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2026-24497

Stack-based Buffer Overflow vulnerability in SimTech Systems, Inc. ThinkWise allows Remote Code Inclusion. This issue affects ThinkWise: from 7 through 23.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-26791

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC (all versions < 1.15.0) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-23549

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 5.1.1.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-25823

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-12549

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion. This issue af...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-69269

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection. This issue affects...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-69329

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection. This issue affects Prestige: from n/a through < 1.4.1.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-37162

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malici...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-21656

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-21658

Unauthenticated Remote Code Execution, i.e. Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient vali...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-22584

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS:...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-25544

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-22781

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query param...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first i...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-67147

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key'...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-22785

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporate...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-11251

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affec...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-22854

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-27971

Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-15500

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HT...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-15501

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipu...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-23978

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion. This i...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-30968

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Serve...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-70161

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An a...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-10915

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-37161

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-37043

10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the v...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-70314

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-1056

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and includin...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-28411

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite loc...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-69991

phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-28268

Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechanism of vikunja/api that allows password r...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2025-70234

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2022-50919

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-36967

Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2021-47774

Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 25...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attacke...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-36961

10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file wi...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. T...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
Page 19 of 329

This product uses data from the NVD API but is not endorsed or certified by the NVD.