CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-48515 Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code exe... | N/A | NONE | β | 0 |
| CVE-2025-48517 Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potenti... | N/A | NONE | β | 0 |
| CVE-2025-52534 Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. | N/A | NONE | β | 0 |
| CVE-2025-52536 Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. | N/A | NONE | β | 0 |
| CVE-2026-22805 Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metab... | N/A | NONE | β | 0 |
| CVE-2025-54514 Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. | N/A | NONE | β | 0 |
| CVE-2026-26043 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-26044 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-68492 Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtaine... | N/A | NONE | β | 0 |
| CVE-2025-14892 The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1198 SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the datab... | N/A | NONE | β | 0 |
| CVE-2026-22540 The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also... | N/A | NONE | β | 0 |
| CVE-2026-22541 The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charg... | N/A | NONE | β | 0 |
| CVE-2026-22542 An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service. | N/A | NONE | β | 0 |
| CVE-2025-4675 Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-14343 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Comm... | 7.6 | HIGH | β | 0 |
| CVE-2025-61644 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | N/A | NONE | β | 0 |
| CVE-2025-68818 In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce... | N/A | NONE | β | 0 |
| CVE-2025-4676 Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.... | 8.8 | HIGH | β | 0 |
| CVE-2025-8307 Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An at... | N/A | NONE | β | 0 |
| CVE-2025-11173 Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1. | N/A | NONE | β | 0 |
| CVE-2026-25015 Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.53. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2101 A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary s... | 8.7 | HIGH | β | 0 |
| CVE-2026-23544 Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection. This issue affects Valenti: from n/a through <= 5.6.3.5. | 8.8 | HIGH | β | 0 |
| CVE-2025-47553 Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.25. | 8.8 | HIGH | β | 0 |
| CVE-2026-21488 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Nu... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21489 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabiliti... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21493 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during ... | 6.6 | MEDIUM | β | 0 |
| CVE-2020-36905 FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the '... | 7.5 | HIGH | β | 0 |
| CVE-2020-36906 P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-36907 Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to ... | 7.5 | HIGH | β | 0 |
| CVE-2020-36910 Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with defa... | 8.8 | HIGH | β | 0 |
| CVE-2020-36912 Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can cra... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36913 All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP G... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie tran... | 7.5 | HIGH | β | 0 |
| CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploi... | 7.5 | HIGH | β | 0 |
| CVE-2020-36916 TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for ... | 8.8 | HIGH | β | 0 |
| CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmiss... | 7.5 | HIGH | β | 0 |
| CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malic... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can creat... | 8.8 | HIGH | β | 0 |
| CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple en... | 7.5 | HIGH | β | 0 |
| CVE-2020-36925 Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session ID... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0640 A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. ... | 8.8 | HIGH | β | 0 |
| CVE-2024-30547 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS. This issue affects Hea... | 7.1 | HIGH | β | 0 |
| CVE-2024-31088 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS. This issue af... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-39477 Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InWave Jobs: from n/a through 3.5.8. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14942 wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15382 A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequence... | 8.1 | HIGH | β | 0 |
| CVE-2025-32304 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion. This issue affects WPCHURCH: ... | 8.1 | HIGH | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.