CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-34405 Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the imageβgeneration component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability t... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-34400 Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-sup... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34451 Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in th... | N/A | NONE | β | 0 |
| CVE-2026-34452 The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK v... | N/A | NONE | β | 0 |
| CVE-2026-34533 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34534 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectral... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34535 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cl... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34536 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow (SO) in SIccCalcOp::ArgsUsed()... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34537 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exe... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34539 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34540 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() whe... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34541 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer memb... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34542 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculator... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-5249 A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation... | 3.5 | LOW | β | 0 |
| CVE-2026-2480 The WP Shortcodes Plugin β Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and incl... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34546 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34605 SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynami... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-34547 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafted... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34548 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34549 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a craft... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34550 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccProfLib/IccIO.cpp caused by a... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34551 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference (NPD) in CIccTagLut16::Write() can be triggered when p... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34554 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc() can be triggered v... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34555 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a re... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-34556 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion pat... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-5235 A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation c... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5236 A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of th... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5237 A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Ha... | 7.3 | HIGH | β | 0 |
| CVE-2026-4668 The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing endpoint in all versions up to, and inclu... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-5238 A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the component Parameter Handler. Ex... | 7.3 | HIGH | β | 0 |
| CVE-2026-5240 A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads t... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-58342 XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect use... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13855 IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, ... | 7.6 | HIGH | β | 0 |
| CVE-2026-5248 A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3775 The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by lowβprivileged users and is not strictly restricted... | 7.8 | HIGH | β | 0 |
| CVE-2026-5251 A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isA... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5252 A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation r... | 3.5 | LOW | β | 0 |
| CVE-2026-5253 A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component edit... | 3.5 | LOW | β | 0 |
| CVE-2026-5254 A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component ... | 3.5 | LOW | β | 0 |
| CVE-2026-21629 The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | 7.3 | HIGH | β | 0 |
| CVE-2026-21630 Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | 8.8 | HIGH | β | 0 |
| CVE-2026-34889 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1879 A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-21632 Lack of output escaping for article titles leads to XSS vectors in various locations. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23898 Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | 7.2 | HIGH | β | 0 |
| CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User ... | 8.2 | HIGH | β | 0 |
| CVE-2026-35093 A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the... | 8.8 | HIGH | β | 0 |
| CVE-2026-3877 A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated vi... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-3532 Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | 4.2 | MEDIUM | β | 0 |
| CVE-2026-0748 In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished... | 4.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.