CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-62439 An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, Fort... | 4.2 | MEDIUM | β | 0 |
| CVE-2025-55018 An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, For... | 5.8 | MEDIUM | β | 0 |
| CVE-2025-52436 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.... | 8.8 | HIGH | β | 0 |
| CVE-2025-15572 A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has be... | 3.3 | LOW | β | 0 |
| CVE-2025-11004 The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack.Β These APIs ca... | N/A | NONE | β | 0 |
| CVE-2024-54192 An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-7636 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issu... | 8.8 | HIGH | β | 0 |
| CVE-2025-7347 Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.This issue affects Dinibh Pa... | 8.8 | HIGH | β | 0 |
| CVE-2025-15571 A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference.... | 3.3 | LOW | β | 0 |
| CVE-2025-6967 Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.Thi... | 8.7 | HIGH | β | 0 |
| CVE-2025-15570 A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-15569 A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search pa... | 7.0 | HIGH | β | 0 |
| CVE-2025-11537 A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie a... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-2268 The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags`... | 7.5 | HIGH | β | 0 |
| CVE-2026-25656 A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a conf... | 7.8 | HIGH | β | 0 |
| CVE-2026-25655 A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow a... | 7.8 | HIGH | β | 0 |
| CVE-2026-24343 Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to... | 8.8 | HIGH | β | 0 |
| CVE-2026-23906 Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP aut... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23901 Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the ... | 2.5 | LOW | β | 0 |
| CVE-2026-23720 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while pa... | 7.8 | HIGH | β | 0 |
| CVE-2026-23719 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while pars... | 7.8 | HIGH | β | 0 |
| CVE-2026-23718 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while pa... | 7.8 | HIGH | β | 0 |
| CVE-2026-23717 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while pa... | 7.8 | HIGH | β | 0 |
| CVE-2026-23716 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while pa... | 7.8 | HIGH | β | 0 |
| CVE-2026-23715 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while p... | 7.8 | HIGH | β | 0 |
| CVE-2026-22923 A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attack... | 7.8 | HIGH | β | 0 |
| CVE-2026-1922 The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1866 The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitizat... | 7.2 | HIGH | β | 0 |
| CVE-2025-40587 A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in docume... | 7.6 | HIGH | β | 0 |
| CVE-2025-14895 The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to acces... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-52334 A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the ori... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-11242 Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: th... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1722 The WCFM Marketplace β Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the pl... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-2099 AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2098 AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing a... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-2097 Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution... | 8.8 | HIGH | β | 0 |
| CVE-2026-2096 Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2095 Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2094 Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 8.8 | HIGH | β | 0 |
| CVE-2026-2093 Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | 7.5 | HIGH | β | 0 |
| CVE-2025-12063 An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-0996 The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authoriza... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13064 A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-12757 An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | 4.6 | MEDIUM | β | 0 |
| CVE-2025-11547 AXIS Camera Station Pro contained a flaw toΒ perform a privilege escalation attack on the server as a non-admin user. | 7.8 | HIGH | β | 0 |
| CVE-2025-11142 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or adm... | 7.1 | HIGH | β | 0 |
| CVE-2026-25981 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25980 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25979 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25978 Rejected reason: Not used | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.