CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-2443 A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In... | 5.3 | MEDIUM | โ | 0 |
| CVE-2025-33042 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: ... | 7.3 | HIGH | โ | 0 |
| CVE-2026-22892 Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker wit... | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-20796 Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via... | 3.1 | LOW | โ | 0 |
| CVE-2026-0872 Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: ... | N/A | NONE | โ | 0 |
| CVE-2025-48023 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-48022 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-48021 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-15520 The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. | 4.3 | MEDIUM | โ | 0 |
| CVE-2025-48020 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-48019 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-1924 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communica... | 8.2 | HIGH | โ | 0 |
| CVE-2026-26257 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26256 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26255 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26254 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26253 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26252 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26251 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26250 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-26249 Rejected reason: Not used | N/A | NONE | โ | 0 |
| CVE-2026-25108 FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | 8.8 | HIGH | KEV | 0 |
| CVE-2026-1721 Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HT... | N/A | NONE | โ | 0 |
| CVE-2025-9293 A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network p... | 8.1 | HIGH | โ | 0 |
| CVE-2025-9292 A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing ... | 7.5 | HIGH | โ | 0 |
| CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. | 7.3 | HIGH | โ | 0 |
| CVE-2024-21961 Improper restriction of operations within the bounds of a memory buffer in PCIeยฎ Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack a... | N/A | NONE | โ | 0 |
| CVE-2026-26188 Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control ... | 5.4 | MEDIUM | โ | 0 |
| CVE-2025-70092 A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Nam... | 5.5 | MEDIUM | โ | 0 |
| CVE-2020-37167 ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through theย ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers c... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25342 Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25341 iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25340 SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a ... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25339 GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated char... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25338 DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames t... | 5.3 | MEDIUM | โ | 0 |
| CVE-2019-25337 OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /... | 9.8 | CRITICAL | โ | 0 |
| CVE-2019-25336 SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can ge... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25335 PRO-7070 Hazฤฑr Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both ... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25334 Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a sp... | 6.2 | MEDIUM | โ | 0 |
| CVE-2019-25333 Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit th... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25332 FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25331 AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a speci... | 8.4 | HIGH | โ | 0 |
| CVE-2019-25330 SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25329 FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can gener... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25328 XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated cha... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25327 Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and pas... | 9.8 | CRITICAL | โ | 0 |
| CVE-2019-25325 Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. A... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25324 RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn... | 6.1 | MEDIUM | โ | 0 |
| CVE-2019-25323 Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can cra... | 6.1 | MEDIUM | โ | 0 |
| CVE-2019-25322 Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded ... | 7.5 | HIGH | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.