CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-47886 Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing mult... | 7.2 | HIGH | β | 0 |
| CVE-2026-26698 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-26697 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-1628 Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functional... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-3432 On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` par... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-3431 On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endp... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14532 DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12462 A Blind SQL injection vulnerability has been identified in DobryCMS. Β A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injecti... | N/A | NONE | β | 0 |
| CVE-2025-58406 The CGM CLININET application respond without essential security HTTP headers, exposing users to clientβside attacks such as clickjacking, MIME sniffing, unsafe caching, weak crossβorigin isolation, an... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58405 The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frameβbusting protections were detected. As a result, an ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58402 The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages ... | 7.5 | HIGH | β | 0 |
| CVE-2025-30062 In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | N/A | NONE | β | 0 |
| CVE-2025-30044 In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogs... | N/A | NONE | β | 0 |
| CVE-2025-30042 The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verificat... | 7.8 | HIGH | β | 0 |
| CVE-2025-30035 The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any othe... | N/A | NONE | β | 0 |
| CVE-2025-10350 SQL Injection vulnerability in "imageserver" module when processing C-FIND queriesΒ in CGM NETRAAD software allows attacker connected to PACS gaining access to database, includingΒ data processed by GCM... | N/A | NONE | β | 0 |
| CVE-2026-2584 A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially... | N/A | NONE | β | 0 |
| CVE-2026-20445 In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20444 In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User i... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20443 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20442 In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not n... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20441 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20440 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20439 In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20438 In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-20437 In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not neede... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20436 In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System pri... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20435 In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no add... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-20434 In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the atta... | 7.5 | HIGH | β | 0 |
| CVE-2026-20430 In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges n... | 8.8 | HIGH | β | 0 |
| CVE-2026-20429 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20428 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20427 In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. ... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20426 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20425 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-20424 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20423 In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is n... | 7.8 | HIGH | β | 0 |
| CVE-2026-20416 In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in... | 7.2 | HIGH | β | 0 |
| CVE-2026-3422 U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3413 A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql i... | 7.3 | HIGH | β | 0 |
| CVE-2026-3000 IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remot... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2999 IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15597 A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3412 A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-3411 A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The mani... | 7.3 | HIGH | β | 0 |
| CVE-2026-3410 A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation o... | 7.3 | HIGH | β | 0 |
| CVE-2026-3409 A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component ... | 7.3 | HIGH | β | 0 |
| CVE-2026-3408 A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-3407 A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes he... | 3.3 | LOW | β | 0 |
| CVE-2026-3406 A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manip... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.