CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-34523 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34522 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version ... | 8.1 | HIGH | β | 0 |
| CVE-2026-34124 A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but doe... | N/A | NONE | β | 0 |
| CVE-2026-34122 A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vul... | N/A | NONE | β | 0 |
| CVE-2026-34121 An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON ... | N/A | NONE | β | 0 |
| CVE-2026-34120 A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buff... | N/A | NONE | β | 0 |
| CVE-2026-34119 A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous writeβboundary verificatio... | N/A | NONE | β | 0 |
| CVE-2026-34118 A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6Β in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocatio... | N/A | NONE | β | 0 |
| CVE-2026-33271 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | N/A | NONE | β | 0 |
| CVE-2026-32762 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwarded_values parses the RFC 7239 Forwarded header by splitting on sem... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-28728 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | N/A | NONE | β | 0 |
| CVE-2026-27774 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | N/A | NONE | β | 0 |
| CVE-2026-26962 Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an ... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-5360 A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This... | 3.7 | LOW | β | 0 |
| CVE-2026-5355 A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command i... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5354 A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5353 A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injecti... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5352 A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injecti... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-35388 OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | 2.5 | LOW | β | 0 |
| CVE-2026-35387 OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. | 3.1 | LOW | β | 0 |
| CVE-2026-35386 In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also... | 3.6 | LOW | β | 0 |
| CVE-2026-35385 In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) ... | 7.5 | HIGH | β | 0 |
| CVE-2026-35038 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability al... | N/A | NONE | β | 0 |
| CVE-2026-34877 An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the seri... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34831 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When th... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-34830 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a reg... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-34829 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a mult... | 7.5 | HIGH | β | 0 |
| CVE-2026-34826 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number of individual byte ranges... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34786 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, whil... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34785 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check... | 7.5 | HIGH | β | 0 |
| CVE-2026-34763 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the dis... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34230 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the head... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34083 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where th... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33951 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers t... | N/A | NONE | β | 0 |
| CVE-2026-33950 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity.... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-30603 An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script cont... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-26961 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expres... | 3.7 | LOW | β | 0 |
| CVE-2026-26895 User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25212 An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-65114 Apache Traffic Server allows request smuggling if chunked messages are malformed.Β This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommen... | 7.5 | HIGH | β | 0 |
| CVE-2025-58136 A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upg... | 7.5 | HIGH | β | 0 |
| CVE-2026-5351 A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command inject... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5350 A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack... | 8.8 | HIGH | β | 0 |
| CVE-2026-5349 A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based bu... | 8.8 | HIGH | β | 0 |
| CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation o... | 7.5 | HIGH | β | 0 |
| CVE-2026-33746 Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic signature of JWT token... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33691 The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS tha... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-30332 A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a leg... | 7.5 | HIGH | β | 0 |
| CVE-2026-5346 A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulati... | 7.3 | HIGH | β | 0 |
| CVE-2026-5344 A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler.... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.