CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-26417 A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts... | 8.1 | HIGH | — | 0 |
| CVE-2026-26416 An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests. | 8.8 | HIGH | — | 0 |
| CVE-2026-26276 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone... | 7.3 | HIGH | — | 0 |
| CVE-2026-26196 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and access_token, which can leak through logs, browser history, and refe... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26195 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handli... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26194 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the r... | 7.3 | HIGH | — | 0 |
| CVE-2026-26022 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's ... | 8.7 | HIGH | — | 0 |
| CVE-2026-25921 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously o... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-24457 An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In s... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-7375 A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This result... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70616 A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds ... | 7.8 | HIGH | — | 0 |
| CVE-2025-70233 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70232 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70231 D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70230 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70229 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45691 An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs ... | 7.5 | HIGH | — | 0 |
| CVE-2025-13476 Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (D... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-30798 Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Hea... | 7.5 | HIGH | — | 0 |
| CVE-2026-30797 Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API... | N/A | NONE | — | 0 |
| CVE-2026-30796 Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing At... | N/A | NONE | — | 0 |
| CVE-2026-30795 Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing At... | N/A | NONE | — | 0 |
| CVE-2026-30794 Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the... | N/A | NONE | — | 0 |
| CVE-2026-30793 Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privil... | N/A | NONE | — | 0 |
| CVE-2026-30792 A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application ... | N/A | NONE | — | 0 |
| CVE-2026-30790 Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on W... | N/A | NONE | — | 0 |
| CVE-2026-30789 Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, And... | N/A | NONE | — | 0 |
| CVE-2026-30785 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client ... | N/A | NONE | — | 0 |
| CVE-2026-30784 Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvo... | N/A | NONE | — | 0 |
| CVE-2026-30783 A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse... | N/A | NONE | — | 0 |
| CVE-2026-26377 Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25048 xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This i... | 7.5 | HIGH | — | 0 |
| CVE-2025-64166 Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type heade... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-3598 Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export mod... | N/A | NONE | — | 0 |
| CVE-2026-30791 Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, ... | 7.5 | HIGH | — | 0 |
| CVE-2026-27750 Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan ... | 7.8 | HIGH | — | 0 |
| CVE-2026-27749 Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privil... | 7.8 | HIGH | — | 0 |
| CVE-2026-27748 Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\... | 7.8 | HIGH | — | 0 |
| CVE-2025-69534 Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Ma... | 7.5 | HIGH | — | 0 |
| CVE-2026-1720 The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2599 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3236 In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-21628 A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1605 In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding r... | 7.5 | HIGH | — | 0 |
| CVE-2025-11143 The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security ... | 3.7 | LOW | — | 0 |
| CVE-2026-28551 Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-28549 Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-28548 Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.1 | HIGH | — | 0 |
| CVE-2026-28547 Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-28546 Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.