TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 5,932 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2026-25173

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

8.0 | HIGH | - | 0
CVE-2026-25174

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | - | 0
CVE-2026-25175

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | - | 0
CVE-2026-25176

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | - | 0
CVE-2026-25177

Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

8.8 | HIGH | - | 0
CVE-2026-25189

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | - | 0
CVE-2026-25190

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.

7.8 | HIGH | - | 0
CVE-2026-25569

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the in...

7.4 | HIGH | - | 0
CVE-2026-25570

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an...

7.4 | HIGH | - | 0
CVE-2026-25571

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could ...

5.1 | MEDIUM | - | 0
CVE-2026-25572

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could ...

5.1 | MEDIUM | - | 0
CVE-2026-25573

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influen...

7.4 | HIGH | - | 0
CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could d...

6.7 | MEDIUM | - | 0
CVE-2026-26141

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | - | 0
CVE-2026-25689

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, For...

6.5 | MEDIUM | - | 0
CVE-2026-25836

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profi...

7.2 | HIGH | - | 0
CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated atta...

4.3 | MEDIUM | - | 0
CVE-2026-26105

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

8.1 | HIGH | - | 0
CVE-2026-26106

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8 | HIGH | - | 0
CVE-2026-26107

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8 | HIGH | - | 0
CVE-2026-26144

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

7.5 | HIGH | - | 0
CVE-2026-26108

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8 | HIGH | - | 0
CVE-2026-26109

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

8.4 | HIGH | - | 0
CVE-2026-26110

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4 | HIGH | - | 0
CVE-2026-26111

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

8.0 | HIGH | - | 0
CVE-2026-26112

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8 | HIGH | - | 0
CVE-2026-26113

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4 | HIGH | - | 0
CVE-2026-26114

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8 | HIGH | - | 0
CVE-2026-26115

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

8.8 | HIGH | - | 0
CVE-2026-26116

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

8.8 | HIGH | - | 0
CVE-2026-26117

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | - | 0
CVE-2026-26118

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

8.8 | HIGH | - | 0
CVE-2026-22317

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution ...

7.2 | HIGH | - | 0
CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

8.1 | HIGH | - | 0
CVE-2026-26738

Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.

7.8 | HIGH | - | 0
CVE-2026-27661

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributor...

4.3 | MEDIUM | - | 0
CVE-2026-2273

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited co...

N/A | NONE | - | 0
CVE-2026-2724

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficien...

7.2 | HIGH | - | 0
CVE-2026-2741

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 2...

N/A | NONE | - | 0
CVE-2026-3845

Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.

8.8 | HIGH | - | 0
CVE-2026-2742

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to incons...

N/A | NONE | - | 0
CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions ...

6.6 | MEDIUM | - | 0
CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config...

7.5 | HIGH | - | 0
CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data...

9.8 | CRITICAL | - | 0
CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tok...

7.5 | HIGH | - | 0
CVE-2026-3846

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2.

6.5 | MEDIUM | - | 0
CVE-2026-30934

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered ...

8.9 | HIGH | - | 0
CVE-2026-30938

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed b...

5.3 | MEDIUM | - | 0
CVE-2026-30939

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server proces...

7.5 | HIGH | - | 0
CVE-2023-7343

HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t...

7.8 | HIGH | - | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.