CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-27580 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27573 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27501 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27500 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27201 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-27200 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-26997 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-22717 Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the ... | 2.7 | LOW | β | 0 |
| CVE-2026-2880 A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router no... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-27758 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submi... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27757 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. A... | 7.1 | HIGH | β | 0 |
| CVE-2026-27756 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. At... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27755 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27754 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictab... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22716 Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certainΒ Workstation processes. | 5.0 | MEDIUM | β | 0 |
| CVE-2026-27753 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interf... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-27752 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe netwo... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-27751 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attacke... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26862 CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuild... | 8.3 | HIGH | β | 0 |
| CVE-2026-26861 CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeD... | 8.3 | HIGH | β | 0 |
| CVE-2026-21619 Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Objec... | 7.5 | HIGH | β | 0 |
| CVE-2019-25497 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25496 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can mo... | 8.2 | HIGH | β | 0 |
| CVE-2019-25495 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can sen... | 8.2 | HIGH | β | 0 |
| CVE-2019-25494 Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password... | 8.2 | HIGH | β | 0 |
| CVE-2019-25493 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25492 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET reque... | 8.2 | HIGH | β | 0 |
| CVE-2019-25491 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25490 Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET reques... | 8.2 | HIGH | β | 0 |
| CVE-2019-25489 Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET ... | 8.2 | HIGH | β | 0 |
| CVE-2026-2293 A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25147 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is tak... | 7.1 | HIGH | β | 0 |
| CVE-2026-24488 OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-69437 PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF fi... | 8.7 | HIGH | β | 0 |
| CVE-2026-3304 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed request... | 7.5 | HIGH | β | 0 |
| CVE-2026-3277 The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2750 Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from al... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-2749 Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-2359 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection durin... | 7.5 | HIGH | β | 0 |
| CVE-2026-3327 Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enablin... | N/A | NONE | β | 0 |
| CVE-2026-3223 Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | 7.8 | HIGH | β | 0 |
| CVE-2026-2751 Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injec... | 8.3 | HIGH | β | 0 |
| CVE-2025-15498 Pro3W CMS if vulnerable toΒ SQL injection attacks.Β Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privil... | N/A | NONE | β | 0 |
| CVE-2025-10990 A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead t... | 7.5 | HIGH | β | 0 |
| CVE-2025-11950 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affect... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-11252 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects w... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2831 The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the βlogidβ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter a... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-24352 PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24351 PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visit... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-24350 PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the... | 5.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.