CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-31795 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory... | 7.8 | HIGH | — | 0 |
| CVE-2026-31792 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentatio... | 7.8 | HIGH | — | 0 |
| CVE-2026-30987 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corrup... | 7.8 | HIGH | — | 0 |
| CVE-2021-47868 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2026-25187 Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-24873 Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6. | 7.8 | HIGH | — | 0 |
| CVE-2025-33243 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution,... | 7.8 | HIGH | — | 0 |
| CVE-2025-33241 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code ... | 7.8 | HIGH | — | 0 |
| CVE-2025-33240 NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code executio... | 7.8 | HIGH | — | 0 |
| CVE-2025-33239 NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution,... | 7.8 | HIGH | — | 0 |
| CVE-2025-33236 NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalati... | 7.8 | HIGH | — | 0 |
| CVE-2026-24149 NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may ... | 7.8 | HIGH | — | 0 |
| CVE-2026-1283 A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an... | 7.8 | HIGH | — | 0 |
| CVE-2025-69604 An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and F... | 7.8 | HIGH | — | 0 |
| CVE-2026-26200 HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a deni... | 7.8 | HIGH | — | 0 |
| CVE-2019-25308 Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code wi... | 7.8 | HIGH | — | 0 |
| CVE-2025-15310 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. | 7.8 | HIGH | — | 0 |
| CVE-2025-15319 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. | 7.8 | HIGH | — | 0 |
| CVE-2025-33234 NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2026-25546 Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The ... | 7.8 | HIGH | — | 0 |
| CVE-2026-23105 In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make... | 7.8 | HIGH | — | 0 |
| CVE-2020-37030 Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | — | 0 |
| CVE-2026-25143 melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell c... | 7.8 | HIGH | — | 0 |
| CVE-2026-23092 In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source When simple_write_to_buffer() succeeds, it returns th... | 7.8 | HIGH | — | 0 |
| CVE-2026-0536 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code... | 7.8 | HIGH | — | 0 |
| CVE-2026-23083 In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO... | 7.8 | HIGH | — | 0 |
| CVE-2025-33220 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability m... | 7.8 | HIGH | — | 0 |
| CVE-2025-15311 Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. | 7.8 | HIGH | — | 0 |
| CVE-2020-37100 Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted... | 7.8 | HIGH | — | 0 |
| CVE-2019-25261 AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2019-25288 Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in ... | 7.8 | HIGH | — | 0 |
| CVE-2019-25287 Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Atta... | 7.8 | HIGH | — | 0 |
| CVE-2019-25286 GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the u... | 7.8 | HIGH | — | 0 |
| CVE-2019-25285 Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attacker... | 7.8 | HIGH | — | 0 |
| CVE-2019-25275 BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2019-25274 ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquote... | 7.8 | HIGH | — | 0 |
| CVE-2026-20610 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | 7.8 | HIGH | — | 0 |
| CVE-2019-25273 Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted p... | 7.8 | HIGH | — | 0 |
| CVE-2019-25272 TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path i... | 7.8 | HIGH | — | 0 |
| CVE-2019-25271 NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious c... | 7.8 | HIGH | — | 0 |
| CVE-2019-25269 Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevat... | 7.8 | HIGH | — | 0 |
| CVE-2019-25267 Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquo... | 7.8 | HIGH | — | 0 |
| CVE-2026-25585 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.c... | 7.8 | HIGH | — | 0 |
| CVE-2019-25283 Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables... | 7.8 | HIGH | — | 0 |
| CVE-2026-25583 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow v... | 7.8 | HIGH | — | 0 |
| CVE-2026-25582 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (... | 7.8 | HIGH | — | 0 |
| CVE-2019-25293 BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can ex... | 7.8 | HIGH | — | 0 |
| CVE-2019-25281 NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2019-25302 Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can expl... | 7.8 | HIGH | — | 0 |
| CVE-2019-25304 SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.