CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-33308 Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension.... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-33852 Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 7.5 | HIGH | — | 0 |
| CVE-2026-4754 CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-4755 CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3138 The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3260 A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes paramete... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-4283 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accept... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-4627 A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulat... | 7.2 | HIGH | — | 0 |
| CVE-2026-4632 A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Execut... | 7.3 | HIGH | — | 0 |
| CVE-2026-4639 Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating pr... | 8.8 | HIGH | — | 0 |
| CVE-2026-4662 The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter b... | 7.5 | HIGH | — | 0 |
| CVE-2026-4745 Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (labs/misc/pgo/lua modules). This vulnerability is associated with program files ldo.C. This issue affe... | N/A | NONE | — | 0 |
| CVE-2026-4746 Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules). This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16. | N/A | NONE | — | 0 |
| CVE-2026-33847 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | 7.8 | HIGH | — | 0 |
| CVE-2026-33848 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | 8.8 | HIGH | — | 0 |
| CVE-2026-33849 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | 8.8 | HIGH | — | 0 |
| CVE-2026-33850 Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54. | 7.8 | HIGH | — | 0 |
| CVE-2026-33851 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729. | 7.8 | HIGH | — | 0 |
| CVE-2026-33853 NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33854 Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10. | 8.8 | HIGH | — | 0 |
| CVE-2026-33855 Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33856 Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 7.5 | HIGH | — | 0 |
| CVE-2026-4749 NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22719 VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMw... | 8.1 | HIGH | KEV | 0 |
| CVE-2026-21385 Memory corruption while using alignments for memory allocation. | 7.8 | HIGH | KEV | 0 |
| CVE-2026-2441 Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | KEV | 0 |
| CVE-2026-1731 BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted req... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-21514 Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | 7.8 | HIGH | KEV | 0 |
| CVE-2026-24423 SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the mal... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-40551 SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the h... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-1281 A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-24858 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-20045 A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Pr... | 8.2 | HIGH | KEV | 0 |
| CVE-2026-20805 Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | KEV | 0 |
| CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4702 JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4708 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2019-25629 AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicio... | 8.4 | HIGH | — | 0 |
| CVE-2026-4711 Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4713 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.