CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-20012 A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure ... | 8.6 | HIGH | — | 0 |
| CVE-2026-20004 A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to imp... | 7.4 | HIGH | — | 0 |
| CVE-2026-1917 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-58341 OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can se... | 8.2 | HIGH | — | 0 |
| CVE-2026-4363 GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticat... | 3.7 | LOW | — | 0 |
| CVE-2026-3126 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-33268 Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26830 pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to i... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23514 Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kitew... | 8.8 | HIGH | — | 0 |
| CVE-2025-59707 In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59706 In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32991 In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution. | 9.0 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.