CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-1776 Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary fil... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3288 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary co... | 8.8 | HIGH | — | 0 |
| CVE-2026-31816 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpo... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-30240 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-25960 vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load_from_url_async method due to inconsistent... | 7.1 | HIGH | — | 0 |
| CVE-2026-25737 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions a... | 8.9 | HIGH | — | 0 |
| CVE-2026-25045 Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due t... | 8.8 | HIGH | — | 0 |
| CVE-2025-70973 ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentic... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-70028 An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 7.5 | HIGH | — | 0 |
| CVE-2025-15603 A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the ... | 3.7 | LOW | — | 0 |
| CVE-2026-25041 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configurati... | 7.2 | HIGH | — | 0 |
| CVE-2026-0846 A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files s... | 7.5 | HIGH | — | 0 |
| CVE-2025-70031 An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 8.8 | HIGH | — | 0 |
| CVE-2025-70030 An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 7.5 | HIGH | — | 0 |
| CVE-2025-68402 FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the lengths of the nonce was changed from 40 chars to 64. password_verify() is currently being called with a constructed strin... | N/A | NONE | — | 0 |
| CVE-2025-62166 FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed shou... | 7.5 | HIGH | — | 0 |
| CVE-2026-3638 Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted A... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-30140 An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration fil... | 7.5 | HIGH | — | 0 |
| CVE-2025-70032 An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29023 Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known sta... | 7.3 | HIGH | — | 0 |
| CVE-2025-70039 An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70038 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code. | 8.8 | HIGH | — | 0 |
| CVE-2025-70034 An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. | 7.5 | HIGH | — | 0 |
| CVE-2025-70033 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-70037 An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-15568 A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code executio... | N/A | NONE | — | 0 |
| CVE-2026-3588 A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request. | 7.5 | HIGH | — | 0 |
| CVE-2026-25866 MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening re... | 7.8 | HIGH | — | 0 |
| CVE-2025-70060 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-70050 An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70048 An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | 7.5 | HIGH | — | 0 |
| CVE-2025-70047 An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | 7.5 | HIGH | — | 0 |
| CVE-2025-70046 An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70042 An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70040 An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-14027 In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a fi... | N/A | NONE | — | 0 |
| CVE-2025-70250 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. | 7.5 | HIGH | — | 0 |
| CVE-2025-70243 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. | 7.5 | HIGH | — | 0 |
| CVE-2025-70238 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. | 7.5 | HIGH | — | 0 |
| CVE-2025-70059 An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2025-69648 GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes re... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-69647 GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readel... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-3089 Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2919 Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3819 A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Managemen... | 3.5 | LOW | — | 0 |
| CVE-2026-3038 The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the so... | 7.5 | HIGH | — | 0 |
| CVE-2026-2261 Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the he... | 7.5 | HIGH | — | 0 |
| CVE-2026-21736 Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. This is caused by improper handling of the me... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3818 A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injec... | 7.3 | HIGH | — | 0 |
| CVE-2026-3817 A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results i... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.