CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-34834 Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. ... | N/A | NONE | β | 0 |
| CVE-2026-34833 Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON resp... | N/A | NONE | β | 0 |
| CVE-2026-34832 Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege u... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34825 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables di... | N/A | NONE | β | 0 |
| CVE-2026-34762 Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but neve... | 2.7 | LOW | β | 0 |
| CVE-2026-34761 Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-34760 vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the int... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-14034 Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
| CVE-2026-5429 Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damag... | 7.8 | HIGH | β | 0 |
| CVE-2026-5418 A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientU... | 7.3 | HIGH | β | 0 |
| CVE-2026-5417 A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-34759 OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoin... | N/A | NONE | β | 0 |
| CVE-2026-34758 OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/Wha... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34752 Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4. | 7.5 | HIGH | β | 0 |
| CVE-2026-34745 Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the una... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34743 XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resultin... | N/A | NONE | β | 0 |
| CVE-2026-34742 The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTT... | 8.1 | HIGH | β | 0 |
| CVE-2026-34736 Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verifica... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34735 The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload() endpoint validates uploaded files by checking their MIME ty... | N/A | NONE | β | 0 |
| CVE-2026-34730 Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files using template-controlled paths. If untru... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-34726 Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use as the template root. However, the cur... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-34581 goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh f... | 8.1 | HIGH | β | 0 |
| CVE-2026-34426 OpenClaw versions prior to commit b57b680Β contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to in... | 7.6 | HIGH | β | 0 |
| CVE-2026-34425 OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or comple... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-43264 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. | 8.8 | HIGH | β | 0 |
| CVE-2025-43257 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox. | 8.7 | HIGH | β | 0 |
| CVE-2025-43238 An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system te... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-43236 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected ap... | 3.3 | LOW | β | 0 |
| CVE-2025-43219 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. | 8.8 | HIGH | β | 0 |
| CVE-2025-43210 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-43202 This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption. | 8.8 | HIGH | β | 0 |
| CVE-2024-44303 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system. | 7.5 | HIGH | β | 0 |
| CVE-2024-44286 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device. | 7.5 | HIGH | β | 0 |
| CVE-2024-44250 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated priv... | 8.2 | HIGH | β | 0 |
| CVE-2024-44219 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information. | 7.5 | HIGH | β | 0 |
| CVE-2024-40858 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent. | 7.1 | HIGH | β | 0 |
| CVE-2024-40849 A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox. | 7.5 | HIGH | β | 0 |
| CVE-2023-7342 HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administ... | 8.8 | HIGH | β | 0 |
| CVE-2026-5414 A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argum... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5413 A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argume... | 3.7 | LOW | β | 0 |
| CVE-2026-5370 A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities... | 3.5 | LOW | β | 0 |
| CVE-2026-5368 A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the ... | 7.3 | HIGH | β | 0 |
| CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma chara... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-34835 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that acce... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-34828 listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessio... | 7.1 | HIGH | β | 0 |
| CVE-2026-34827 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parser#handle_mime_head parses quoted multipart parameters such as ... | 7.5 | HIGH | β | 0 |
| CVE-2026-34725 DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML... | 8.2 | HIGH | β | 0 |
| CVE-2026-34717 OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-34715 ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without valid... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.