CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-25292 Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a mal... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25243 FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can pas... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25293 Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional p... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-28866 This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25569 RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-35480 go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on I... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25595 jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attack... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34552 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) issue in IccTagLut.cpp where the code perform... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34549 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a craft... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25584 RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Att... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25655 Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection d... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25677 WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-20699 A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-3904 Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on i... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25653 Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can ... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25295 ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers c... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25297 Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Came... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25561 Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25601 UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25616 AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into th... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-40117 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path paramete... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25244 Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can p... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25228 NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious co... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25583 RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buff... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25545 Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attack... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25598 HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers c... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25571 MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. At... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25572 NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25485 R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafte... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34548 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25599 Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste... | 6.2 | MEDIUM | β | 0 |
| CVE-2020-37170 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address fi... | 6.2 | MEDIUM | β | 0 |
| CVE-2020-37171 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-22721 VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative ac... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-61147 strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). | 6.2 | MEDIUM | β | 0 |
| CVE-2026-0005 In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permi... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-36335 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25437 Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-6386 In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the prese... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-28544 Race condition vulnerability in the printing module.Β Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-27846 Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the networkΒ to gain access to sensitive information, includi... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-27691 iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication t... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-1439 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27191 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27517 Binardat 10G08-0800GSM network switch firmware versionΒ V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-70845 lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the "intro" field is not properly sanitized or escaped. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1754 The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-2679 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint,Β which could allow an attacker to ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27210 Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, includin... | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.