CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-32009 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-31942 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-31364 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-31358 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-31145 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-30517 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-29869 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-27941 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-27928 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-27573 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-27569 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-27251 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-26471 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-25049 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-24524 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-24518 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-24492 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-24321 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-24300 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-22845 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20110 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20107 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20098 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20089 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20078 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20066 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20038 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-20007 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2026-21870 BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffe... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69770 A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-66676 An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-2026 A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26268 Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to impro... | 8.0 | HIGH | — | 0 |
| CVE-2026-26226 beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled valu... | N/A | NONE | — | 0 |
| CVE-2025-70123 An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setu... | 7.5 | HIGH | — | 0 |
| CVE-2025-70122 A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in th... | 7.5 | HIGH | — | 0 |
| CVE-2025-70121 An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request m... | 7.5 | HIGH | — | 0 |
| CVE-2025-1790 Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. | N/A | NONE | — | 0 |
| CVE-2026-26221 Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70095 A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted p... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70094 A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70093 An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. | 7.4 | HIGH | — | 0 |
| CVE-2025-70091 A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Nu... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25531 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not vali... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1578 HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vul... | N/A | NONE | — | 0 |
| CVE-2026-23112 In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU lengt... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23111 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted elemen... | 7.8 | HIGH | — | 0 |
| CVE-2026-1619 Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1... | 8.3 | HIGH | — | 0 |
| CVE-2026-1618 Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | 8.8 | HIGH | — | 0 |
| CVE-2025-14349 Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by A... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.