CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-54756 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest relea... | 8.4 | HIGH | โ | 0 |
| CVE-2025-47345 Cryptographic issue may occur while encrypting license data. | 8.4 | HIGH | โ | 0 |
| CVE-2026-26280 systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbi... | 8.4 | HIGH | โ | 0 |
| CVE-2025-12107 Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful... | 8.4 | HIGH | โ | 0 |
| CVE-2025-12985 IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. | 8.4 | HIGH | โ | 0 |
| CVE-2019-25483 Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $(... | 8.4 | HIGH | โ | 0 |
| CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credential... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25466 Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. At... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25357 Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attack... | 8.4 | HIGH | โ | 0 |
| CVE-2026-25924 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37042 Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37049 Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25467 Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded pay... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37036 RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payl... | 8.4 | HIGH | โ | 0 |
| CVE-2026-25593 OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were la... | 8.4 | HIGH | โ | 0 |
| CVE-2026-27182 Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. At... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37028 Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can cra... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37029 FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with caref... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37031 Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft... | 8.4 | HIGH | โ | 0 |
| CVE-2025-36384 IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. | 8.4 | HIGH | โ | 0 |
| CVE-2022-50903 Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37025 Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malici... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37040 Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vu... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious pa... | 8.4 | HIGH | โ | 0 |
| CVE-2022-50900 Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured s... | 8.4 | HIGH | โ | 0 |
| CVE-2022-50901 Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path i... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0035 In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of priv... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0037 In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0034 In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no addit... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional executio... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0047 In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0031 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges nee... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0028 In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privilege... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0025 In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution ... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0029 In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. Us... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0030 In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional executi... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0008 In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interac... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0010 In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48650 In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0011 In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no a... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48619 In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privi... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48605 In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional executio... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0013 In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional ex... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48579 In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional ... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48574 In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privileg... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48582 In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additi... | 8.4 | HIGH | โ | 0 |
| CVE-2025-32313 In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges n... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48602 In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privil... | 8.4 | HIGH | โ | 0 |
| CVE-2025-48636 In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no addit... | 8.4 | HIGH | โ | 0 |
| CVE-2026-0020 In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of priv... | 8.4 | HIGH | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.