CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2025-14999 | The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update ... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-15000 | The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_key' parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and outp... | 4.4 | MEDIUM | - | 0 |
| CVE-2025-15018 | The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_p... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-47552 | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-68637 | The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle C... | 9.1 | CRITICAL | - | 0 |
| CVE-2025-69080 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from ... | 8.1 | HIGH | - | 0 |
| CVE-2025-69081 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion. This issue ... | 8.1 | HIGH | - | 0 |
| CVE-2025-69082 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3. | 7.1 | HIGH | - | 0 |
| CVE-2025-69333 | Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.8.1.1. | 4.3 | MEDIUM | - | 0 |
| CVE-2025-69344 | Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through 6.6. | 4.3 | MEDIUM | - | 0 |
| CVE-2025-9611 | Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim's web brows... | N/A | NONE | - | 0 |
| CVE-2026-0628 | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privi... | 8.8 | HIGH | - | 0 |
| CVE-2026-0643 | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the... | 7.3 | HIGH | - | 0 |
| CVE-2025-6225 | Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with lo... | N/A | NONE | - | 0 |
| CVE-2026-20026 | Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak se... | 5.8 | MEDIUM | - | 0 |
| CVE-2026-20027 | Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensiti... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-20029 | A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrat... | 4.9 | MEDIUM | - | 0 |
| CVE-2026-22535 | An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the b... | N/A | NONE | - | 0 |
| CVE-2026-22536 | The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions | N/A | NONE | - | 0 |
| CVE-2026-22537 | The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. | N/A | NONE | - | 0 |
| CVE-2026-22543 | The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handl... | N/A | NONE | - | 0 |
| CVE-2026-22544 | An attacker with a network connection could detect credentials in clear text. | N/A | NONE | - | 0 |
| CVE-2025-4677 | Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card P... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-21495 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division ... | 5.5 | MEDIUM | - | 0 |
| CVE-2026-22587 | Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fi... | 5.5 | MEDIUM | - | 0 |
| CVE-2026-21506 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null poin... | 5.5 | MEDIUM | - | 0 |
| CVE-2026-21678 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buff... | 7.8 | HIGH | - | 0 |
| CVE-2026-21679 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buff... | 8.8 | HIGH | - | 0 |
| CVE-2026-21680 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-22539 | As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | N/A | NONE | - | 0 |
| CVE-2025-64305 | MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-68705 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-14279 | MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to b... | N/A | NONE | - | 0 |
| CVE-2025-69264 | pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scrip... | 8.8 | HIGH | - | 0 |
| CVE-2026-21683 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | - | 0 |
| CVE-2026-21684 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | - | 0 |
| CVE-2026-21685 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | - | 0 |
| CVE-2026-21686 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | - | 0 |
| CVE-2026-21687 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | - | 0 |
| CVE-2026-22046 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | - | 0 |
| CVE-2026-22047 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | - | 0 |
| CVE-2025-69262 | pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. ... | 7.5 | HIGH | - | 0 |
| CVE-2017-20212 | FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input paramete... | 6.2 | MEDIUM | - | 0 |
| CVE-2017-20213 | FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can e... | 7.5 | HIGH | - | 0 |
| CVE-2025-61246 | indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-25270 | SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exp... | 6.1 | MEDIUM | - | 0 |
| CVE-2019-25278 | FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle att... | 5.9 | MEDIUM | - | 0 |
| CVE-2019-25279 | FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can direct... | 7.5 | HIGH | - | 0 |
| CVE-2019-25280 | Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code i... | 6.1 | MEDIUM | - | 0 |
| CVE-2019-25282 | V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redire... | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.