CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-22986 In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev->srcu If two drivers were calling gpiochip_add_data_with_key(), one may be traversing the src... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1417 A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. ... | 3.3 | LOW | β | 0 |
| CVE-2026-22991 In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its ca... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22992 In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22993 In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22994 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unregister_netdevice: waiting for sit0 to become f... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21721 The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard ... | 8.1 | HIGH | β | 0 |
| CVE-2026-24801 Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C. This issu... | N/A | NONE | β | 0 |
| CVE-2026-22999 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23000 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-1415 A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to ... | 3.3 | LOW | β | 0 |
| CVE-2026-1416 A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null point... | 3.3 | LOW | β | 0 |
| CVE-2026-24811 Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24812 Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1. | N/A | NONE | β | 0 |
| CVE-2026-1418 A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Suc... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1425 A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-1427 Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 8.8 | HIGH | β | 0 |
| CVE-2026-1428 Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 8.8 | HIGH | β | 0 |
| CVE-2026-1429 Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-0925 Tanium addressed an improper input validation vulnerability in Discover. | 2.7 | LOW | β | 0 |
| CVE-2026-1224 Tanium addressed an uncontrolled resource consumption vulnerability in Discover. | 4.9 | MEDIUM | β | 0 |
| CVE-2025-28164 Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-59472 A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with th... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-24400 AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in `org... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-24408 sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `... | 0.0 | NONE | β | 0 |
| CVE-2026-24479 HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to pr... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24686 go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the loc... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-69421 Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash ... | 7.5 | HIGH | β | 0 |
| CVE-2026-24869 Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2. | 8.8 | HIGH | β | 0 |
| CVE-2025-14911 User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-0918 The Tapo C220 v1 and C520WS v2 cameras' HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL ... | 7.5 | HIGH | β | 0 |
| CVE-2026-0919 The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid-URL error path continues into cleanup code that assumes allocated ... | 7.5 | HIGH | β | 0 |
| CVE-2025-65887 A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24748 Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed u... | 7.2 | HIGH | β | 0 |
| CVE-2026-24765 PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in ... | 7.8 | HIGH | β | 0 |
| CVE-2026-24783 soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate pro... | 7.5 | HIGH | β | 0 |
| CVE-2025-55292 Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This ... | 8.2 | HIGH | β | 0 |
| CVE-2026-24134 StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Managemen... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24785 Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-40552 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40553 SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the h... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1521 A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Perfo... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1536 A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are t... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-1539 A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization head... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-1522 A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executin... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22243 EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in ... | 8.8 | HIGH | β | 0 |
| CVE-2022-40619 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticate... | 7.7 | HIGH | β | 0 |
| CVE-2022-40620 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. A... | 7.7 | HIGH | β | 0 |
| CVE-2026-0749 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS). This issue affects Drupal: from 7.X-1.0 thro... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0750 Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass. This issue affects Drupal Commerce Paybox: fr... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.