CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-34757 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from... | 5.1 | MEDIUM | β | 0 |
| CVE-2026-40447 Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | 5.1 | MEDIUM | β | 0 |
| CVE-2026-33536 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incre... | 5.1 | MEDIUM | β | 0 |
| CVE-2026-34526 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-29044 EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-35516 LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read response... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-40002 Red Magic 11 Pro (NX809J)Β contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessi... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-33537 Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via `Photo::fromUrl`) contains an incomplete IP validation check that fails to block loopback ad... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34881 OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and r... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34165 go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cau... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4583 A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4582 A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation lea... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34983 Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be trigg... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-33294 WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents(... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | 5.0 | MEDIUM | β | 0 |
| CVE-2026-39411 LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-a... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-39880 Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configu... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-40256 Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses st... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-5704 A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34972 OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34589 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA l... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-39881 Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands wh... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-33440 Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-33185 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-3216 Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1. | 5.0 | MEDIUM | β | 0 |
| CVE-2026-35461 Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validat... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34244 Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the per-project "Administration" role) can configure machine translation servic... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-39418 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authentica... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-40917 A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious I... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-40916 A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4979 The UsersWP β Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-5175 Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account pro... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-41034 ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass. | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4925 Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA)... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-3113 Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4819 In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-34164 Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox ... | 4.9 | MEDIUM | β | 0 |
| CVE-2021-4474 Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary file... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-31799 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before ve... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-3330 The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, and... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-4853 The JetBackup β Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insuffic... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-40962 FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-3116 Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. M... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-20174 A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-27673 Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-39811 A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions m... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-34061 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an elec... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-31927 Anviz CX7 FirmwareΒ is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debu... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-2389 The Complianz β GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the `revert_divs_to_summary` fu... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22692 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (... | 4.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.