CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-66249 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be ex... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-60012 Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to ApacheΒ Spark 3.1 or later. A request that includes a Sp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4171 A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/m... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4173 A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updatePro... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4485 A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27091 Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through 3.5.09. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-26982 Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32000 OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-31999 OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execut... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4185 A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4241 A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3958 A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4234 A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tabl... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3961 A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4192 A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injec... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3965 A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4513 A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4195 A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4196 A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4197 A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, D... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3966 A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/medi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3967 A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/acti... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4230 A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to s... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3968 A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Suc... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4203 A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4204 A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4205 A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4206 A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, D... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4514 A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a m... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4207 A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4209 A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4210 A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DN... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3992 A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4533 A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-24125 Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4215 A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4013 A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper autho... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4039 A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4511 A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4554 A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-20165 In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that do... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-30868 OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform stateβchanging operations but are accessible via HTTP GET requests without CSRF ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4548 A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4586 A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4568 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulatio... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4465 A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injecti... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33265 In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4571 A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP PO... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4515 A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injec... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.