CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0488 An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the abi... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-60957 OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-25279 Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrar... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-55190 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with p... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-58048 Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary ... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-30220 GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML Externa... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-3710 Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the late... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-49746 Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-20156 A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulne... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-54381 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerabil... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-39700 JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has a... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-29241 Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information,... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where ... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-42957 SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing... | 9.9 | CRITICAL | - | 0 |
| CVE-2021-43779 GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-3549 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insuffici... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-23211 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p... | 9.9 | CRITICAL | - | 0 |
| CVE-2026-32938 SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspa... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRel... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-46616 Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before... | 9.9 | CRITICAL | - | 0 |
| CVE-2026-34612 Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execu... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-32461 wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-62645 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the ... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-22133 WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-31330 SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-13032 Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local attacker to escalate privileges via pool overflow. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-68270 The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they ar... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-4306 Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in w... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-55343 Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp, Admin... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-2599 File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastru... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-39930 The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-27429 SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-47284 Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-46066 An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges. | 9.9 | CRITICAL | - | 0 |
| CVE-2024-37288 A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secur... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-39327 Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way. | 9.9 | CRITICAL | - | 0 |
| CVE-2026-25052 n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify wor... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-20333 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote a... | 9.9 | CRITICAL | KEV | 0 |
| CVE-2025-66956 Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. | 9.9 | CRITICAL | - | 0 |
| CVE-2024-51548 Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.9 | CRITICAL | - | 0 |
| CVE-2026-34717 OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-49113 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php... | 9.9 | CRITICAL | KEV | 0 |
| CVE-2026-33873 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validatio... | 9.9 | CRITICAL | - | 0 |
| CVE-2009-3616 Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VN... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-66203 StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application a... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-21415 Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | - | 0 |
| CVE-2024-45387 An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute ar... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-37361 The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-25693 There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code ou... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-8950 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automati... | 9.9 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.