CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-5474 A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Perf... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5472 A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5470 A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractCo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4197 A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, D... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4215 A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4230 A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to s... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33145 xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5351 A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command inject... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5719 A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5353 A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injecti... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-66483 IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5620 A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manipu... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5675 A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The manipulation of the ar... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5831 A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulat... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6488 A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Pa... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6215 A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6202 A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5670 A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5660 A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5659 A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The m... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6143 A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. T... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6141 A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6119 A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request for... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6118 A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulati... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6117 A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-35360 The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creati... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5649 A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4515 A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injec... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-62233 Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler:Β Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-35364 A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it throug... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6033 A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fnam... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6030 A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injec... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32128 FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guar... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6010 A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Perfor... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6007 A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6006 A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID le... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3965 A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6005 A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3992 A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4039 A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32010 OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6979 A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5641 A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The man... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-24125 Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13913 A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5640 A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. Th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-30868 OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform stateβchanging operations but are accessible via HTTP GET requests without CSRF ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2530 A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command inject... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5205 A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4506 A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attac... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.