CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attac... | 4.3 | MEDIUM | โ | 0 |
| CVE-2016-20027 ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanit... | 6.1 | MEDIUM | โ | 0 |
| CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hard... | 9.8 | CRITICAL | โ | 0 |
| CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the ... | 8.8 | HIGH | โ | 0 |
| CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable ... | 9.8 | CRITICAL | โ | 0 |
| CVE-2015-20121 Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parame... | 8.2 | HIGH | โ | 0 |
| CVE-2015-20120 Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into ... | 8.2 | HIGH | โ | 0 |
| CVE-2015-20119 Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter ... | 6.4 | MEDIUM | โ | 0 |
| CVE-2015-20118 Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the l... | 7.2 | HIGH | โ | 0 |
| CVE-2015-20117 Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafti... | 5.3 | MEDIUM | โ | 0 |
| CVE-2015-20116 Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upl... | 6.1 | MEDIUM | โ | 0 |
| CVE-2015-20115 Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload f... | 7.2 | HIGH | โ | 0 |
| CVE-2015-20114 Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple param... | 6.1 | MEDIUM | โ | 0 |
| CVE-2015-20113 Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicio... | 5.3 | MEDIUM | โ | 0 |
| CVE-2013-20006 Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users.... | 7.5 | HIGH | โ | 0 |
| CVE-2013-20005 Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers ca... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-4111 A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed... | 7.5 | HIGH | โ | 0 |
| CVE-2026-4105 A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop ... | 6.7 | MEDIUM | โ | 0 |
| CVE-2026-4092 Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with dire... | 8.8 | HIGH | โ | 0 |
| CVE-2026-4063 The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in a... | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-3999 A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations. | N/A | NONE | โ | 0 |
| CVE-2026-3986 The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability... | 6.4 | MEDIUM | โ | 0 |
| CVE-2026-3910 Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi... | 8.8 | HIGH | KEV | 0 |
| CVE-2026-3909 Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | KEV | 0 |
| CVE-2026-3891 The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' ... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-3873 Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0. | 7.2 | HIGH | โ | 0 |
| CVE-2026-3045 The Appointment Booking Calendar โ Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to... | 7.5 | HIGH | โ | 0 |
| CVE-2026-32746 telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | 6.3 | MEDIUM | โ | 0 |
| CVE-2026-32612 Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inj... | 5.4 | MEDIUM | โ | 0 |
| CVE-2026-32598 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL โ containing the plaintext reset token โ at INFO log... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32597 PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 ยง4.1.11. When a JWS token contains a crit array li... | 7.5 | HIGH | โ | 0 |
| CVE-2026-32543 Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsiv... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32487 Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page:... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32486 Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a ... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32462 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Mas... | 5.9 | MEDIUM | โ | 0 |
| CVE-2026-32461 Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simpl... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32460 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting I... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32459 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects Ups... | 8.5 | HIGH | โ | 0 |
| CVE-2026-32458 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <... | 7.6 | HIGH | โ | 0 |
| CVE-2026-32457 Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access C... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32456 Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1. | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-32455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MD... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32454 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a th... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32453 Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32452 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-32451 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr... | 6.3 | MEDIUM | โ | 0 |
| CVE-2026-32450 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DO... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32449 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32448 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.T... | 6.5 | MEDIUM | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.