CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-37141 AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/mail... | 8.2 | HIGH | β | 0 |
| CVE-2026-22549 A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.Β Note: Software versions which have reached End of Technical Support (EoTS)... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-23040 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and... | N/A | NONE | β | 0 |
| CVE-2026-23041 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bn... | N/A | NONE | β | 0 |
| CVE-2026-23042 In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, dri... | N/A | NONE | β | 0 |
| CVE-2026-23043 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in d... | N/A | NONE | β | 0 |
| CVE-2026-23044 In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not ... | N/A | NONE | β | 0 |
| CVE-2026-20056 A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass th... | 4.0 | MEDIUM | β | 0 |
| CVE-2025-71195 In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead... | N/A | NONE | β | 0 |
| CVE-2025-71196 In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usb... | N/A | NONE | β | 0 |
| CVE-2025-71197 In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' b... | N/A | NONE | β | 0 |
| CVE-2025-71198 In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_s... | N/A | NONE | β | 0 |
| CVE-2026-20119 A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial o... | 7.5 | HIGH | β | 0 |
| CVE-2026-23049 In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 pane... | N/A | NONE | β | 0 |
| CVE-2026-23050 In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace: ... | N/A | NONE | β | 0 |
| CVE-2026-23051 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather th... | N/A | NONE | β | 0 |
| CVE-2026-23052 In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE mul... | N/A | NONE | β | 0 |
| CVE-2026-23053 In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kth... | N/A | NONE | β | 0 |
| CVE-2024-51451 IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-25055 n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating ... | 8.1 | HIGH | β | 0 |
| CVE-2026-25056 n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or mod... | 8.8 | HIGH | β | 0 |
| CVE-2026-25115 n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execut... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-69213 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when han... | 8.8 | HIGH | β | 0 |
| CVE-2025-69215 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publica... | 8.8 | HIGH | β | 0 |
| CVE-2026-22044 GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22247 GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in... | 4.1 | MEDIUM | β | 0 |
| CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. ... | 7.8 | HIGH | β | 0 |
| CVE-2026-25157 OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a s... | 7.7 | HIGH | β | 0 |
| CVE-2026-25160 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing sto... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-25161 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation hand... | 8.8 | HIGH | β | 0 |
| CVE-2026-25475 OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and direc... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-39724 IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13375 IBM Common Cryptographic Architecture (CCA)Β 7.5.52 andΒ 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15555 A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The ... | 7.3 | HIGH | β | 0 |
| CVE-2026-25499 Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in esc... | 7.5 | HIGH | β | 0 |
| CVE-2026-25511 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigg... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25512 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office.... | 8.8 | HIGH | β | 0 |
| CVE-2026-25519 OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins wit... | 8.1 | HIGH | β | 0 |
| CVE-2024-40685 IBM Operations Analytics β Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics β Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allo... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-43181 IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-25575 NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated us... | 7.5 | HIGH | β | 0 |
| CVE-2026-25578 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code thr... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-25579 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-25582 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (... | 7.8 | HIGH | β | 0 |
| CVE-2026-25583 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow v... | 7.8 | HIGH | β | 0 |
| CVE-2019-25283 Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables... | 7.8 | HIGH | β | 0 |
| CVE-2019-25285 Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attacker... | 7.8 | HIGH | β | 0 |
| CVE-2019-25286 GCafΓ© 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the u... | 7.8 | HIGH | β | 0 |
| CVE-2019-25287 Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Atta... | 7.8 | HIGH | β | 0 |
| CVE-2019-25288 Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in ... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.