CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-25633 AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email pre... | 8.4 | HIGH | — | 0 |
| CVE-2016-20037 xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundari... | 8.4 | HIGH | — | 0 |
| CVE-2026-0123 In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional exec... | 8.4 | HIGH | — | 0 |
| CVE-2026-0122 In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not n... | 8.4 | HIGH | — | 0 |
| CVE-2026-0118 In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... | 8.4 | HIGH | — | 0 |
| CVE-2019-25681 Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buf... | 8.4 | HIGH | — | 0 |
| CVE-2026-0117 In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges n... | 8.4 | HIGH | — | 0 |
| CVE-2016-20043 NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft... | 8.4 | HIGH | — | 0 |
| CVE-2026-0107 In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalation of privilege with no additional execution priv... | 8.4 | HIGH | — | 0 |
| CVE-2025-70802 Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | 8.4 | HIGH | — | 0 |
| CVE-2025-70798 Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | 8.4 | HIGH | — | 0 |
| CVE-2025-36920 In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution... | 8.4 | HIGH | — | 0 |
| CVE-2016-20044 PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malic... | 8.4 | HIGH | — | 0 |
| CVE-2016-20041 Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers c... | 8.4 | HIGH | — | 0 |
| CVE-2016-20042 TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious c... | 8.4 | HIGH | — | 0 |
| CVE-2018-25225 SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers ca... | 8.4 | HIGH | — | 0 |
| CVE-2019-25637 X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers ca... | 8.4 | HIGH | — | 0 |
| CVE-2019-25631 AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellc... | 8.4 | HIGH | — | 0 |
| CVE-2018-25217 PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attacke... | 8.4 | HIGH | — | 0 |
| CVE-2019-25634 Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers ... | 8.4 | HIGH | — | 0 |
| CVE-2016-20038 yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can cr... | 8.4 | HIGH | — | 0 |
| CVE-2019-25626 River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code... | 8.4 | HIGH | — | 0 |
| CVE-2019-25627 FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. ... | 8.4 | HIGH | — | 0 |
| CVE-2026-32920 OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious c... | 8.4 | HIGH | — | 0 |
| CVE-2016-20039 Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers... | 8.4 | HIGH | — | 0 |
| CVE-2019-25629 AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicio... | 8.4 | HIGH | — | 0 |
| CVE-2018-25219 PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in t... | 8.4 | HIGH | — | 0 |
| CVE-2026-32845 cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplyi... | 8.4 | HIGH | — | 0 |
| CVE-2018-25224 PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers c... | 8.4 | HIGH | — | 0 |
| CVE-2026-30289 An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code... | 8.4 | HIGH | — | 0 |
| CVE-2026-35020 Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitra... | 8.4 | HIGH | — | 0 |
| CVE-2019-25670 River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_e... | 8.4 | HIGH | — | 0 |
| CVE-2026-26113 Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | — | 0 |
| CVE-2026-26110 Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | — | 0 |
| CVE-2026-26109 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | — | 0 |
| CVE-2026-30292 An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code e... | 8.4 | HIGH | — | 0 |
| CVE-2026-28793 Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arb... | 8.4 | HIGH | — | 0 |
| CVE-2016-20040 TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an o... | 8.4 | HIGH | — | 0 |
| CVE-2017-20226 Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer ... | 8.4 | HIGH | — | 0 |
| CVE-2026-33980 Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized int... | 8.3 | HIGH | — | 0 |
| CVE-2019-25651 Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 us... | 8.3 | HIGH | — | 0 |
| CVE-2026-32110 SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accept... | 8.3 | HIGH | — | 0 |
| CVE-2026-30534 A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | 8.3 | HIGH | — | 0 |
| CVE-2025-13777 Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | 8.3 | HIGH | — | 0 |
| CVE-2026-0708 A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can ... | 8.3 | HIGH | — | 0 |
| CVE-2026-4064 Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perfo... | 8.3 | HIGH | — | 0 |
| CVE-2025-55262 HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database. | 8.3 | HIGH | — | 0 |
| CVE-2026-1313 The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user... | 8.3 | HIGH | — | 0 |
| CVE-2026-32725 SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in t... | 8.3 | HIGH | — | 0 |
| CVE-2026-0562 A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function i... | 8.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.