CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-25635 Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL co... | 8.2 | HIGH | — | 0 |
| CVE-2019-25636 Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can sen... | 8.2 | HIGH | — | 0 |
| CVE-2019-25637 X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers ca... | 8.4 | HIGH | — | 0 |
| CVE-2019-25638 Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. A... | 7.1 | HIGH | — | 0 |
| CVE-2019-25647 PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension contr... | 8.8 | HIGH | — | 0 |
| CVE-2025-64998 Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session... | N/A | NONE | — | 0 |
| CVE-2026-33309 Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to th... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-33475 Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repos... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | 7.5 | HIGH | — | 0 |
| CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4711 Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4712 Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4713 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4717 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | N/A | NONE | — | 0 |
| CVE-2026-4720 Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort ... | N/A | NONE | — | 0 |
| CVE-2026-4721 Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that... | N/A | NONE | — | 0 |
| CVE-2026-4722 Privilege escalation in the IPC component. This vulnerability affects Firefox < 149. | 8.8 | HIGH | — | 0 |
| CVE-2026-4723 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4724 Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4725 Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4726 Denial-of-service in the XML component. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4727 Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4728 Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149. | N/A | NONE | — | 0 |
| CVE-2026-4729 Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to... | N/A | NONE | — | 0 |
| CVE-2026-33310 Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during t... | 8.8 | HIGH | — | 0 |
| CVE-2026-33311 DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied optio... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-71275 Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29839 DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. | N/A | NONE | — | 0 |
| CVE-2026-29840 JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filter... | N/A | NONE | — | 0 |
| CVE-2026-21569 This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a... | N/A | NONE | — | 0 |
| CVE-2026-24838 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-24839 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This a... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-15536 A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes hea... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15537 A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1125 A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable... | 7.3 | HIGH | — | 0 |
| CVE-2026-1126 A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\d... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-23525 1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malici... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-23833 ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows den... | 7.5 | HIGH | — | 0 |
| CVE-2026-1171 A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of se... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.