CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-22893 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect S... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2023-26045 NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-1350 A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 | CRITICAL | KEV | 0 |
| CVE-2024-44102 A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 ... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-4617 Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-37112 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-21574 The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This a... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-21576 ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function t... | 10.0 | CRITICAL | - | 0 |
| CVE-2026-20127 A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, r... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-27897 Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts... | 10.0 | CRITICAL | - | 0 |
| CVE-2026-30836 Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through ... | 10.0 | CRITICAL | - | 0 |
| CVE-2026-33054 Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_toke... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-56799 Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-33970 Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privileges. | 10.0 | CRITICAL | - | 0 |
| CVE-2026-4692 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-43242 Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro. This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-56829 Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. | 10.0 | CRITICAL | - | 0 |
| CVE-2021-33975 Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. | 10.0 | CRITICAL | - | 0 |
| CVE-2021-33972 Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate privileges. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-51567 upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatu... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2024-1403 In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. Th... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-46661 IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All ... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-55971 SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-43693 A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-30510 Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 9.5. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-42467 openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be a... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-49291 Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. | 10.0 | CRITICAL | - | 0 |
| CVE-2016-0898 MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were no... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-42450 The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a commo... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-39251 An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-48839 Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 10.0 | CRITICAL | - | 0 |
| CVE-2024-5675 Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-51545 Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; ... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-51549 Absolute File Traversal vulnerabilities allow access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.0... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-51550 Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-51551 Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-49447 Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | 10.0 | CRITICAL | - | 0 |
| CVE-2017-8110 www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-6071 PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. | 10.0 | CRITICAL | - | 0 |
| CVE-2015-0565 NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-39008 robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Servic... | 10.0 | CRITICAL | - | 0 |
| CVE-2017-12905 Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | 10.0 | CRITICAL | - | 0 |
| CVE-2020-12389 The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerabi... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-11844 Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. version... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-31351 Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic - AI Content Writer & Generator. This issue affects Copymatic - AI Content Writer & Generator: from n/a through 1.6. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-25600 Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | CRITICAL | - | 0 |
| CVE-2020-14500 Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. | 10.0 | CRITICAL | - | 0 |
| CVE-2020-15188 SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). This allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the serv... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-25096 Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7. | 10.0 | CRITICAL | - | 0 |
| CVE-2023-4804 An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 10.0 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.