CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-1146 A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_pat... | 3.5 | LOW | β | 0 |
| CVE-2026-1147 A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manipu... | 3.5 | LOW | β | 0 |
| CVE-2026-1148 A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-si... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1149 A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1150 A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manip... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1152 A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument co... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1153 A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack i... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1154 A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipula... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1155 A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument... | 8.8 | HIGH | β | 0 |
| CVE-2026-1181 Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdom... | 9.0 | CRITICAL | β | 0 |
| CVE-2026-1156 A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid ... | 8.8 | HIGH | β | 0 |
| CVE-2025-55251 HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | 3.1 | LOW | β | 0 |
| CVE-2026-1157 A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffe... | 8.8 | HIGH | β | 0 |
| CVE-2026-0610 SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1007 Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12. | 7.6 | HIGH | β | 0 |
| CVE-2026-1158 A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler... | 8.8 | HIGH | β | 0 |
| CVE-2026-1159 A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argume... | 7.3 | HIGH | β | 0 |
| CVE-2008-7149 Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords. | N/A | NONE | β | 0 |
| CVE-2025-11043 An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to p... | 7.4 | HIGH | β | 0 |
| CVE-2025-11044 An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthent... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-68616 WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability a... | 7.5 | HIGH | β | 0 |
| CVE-2026-1160 A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argume... | 7.3 | HIGH | β | 0 |
| CVE-2026-1161 A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The... | 3.5 | LOW | β | 0 |
| CVE-2026-1162 A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22037 The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path pref... | 8.4 | HIGH | β | 0 |
| CVE-2026-23522 LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows authenticated users to delete files from any knowledg... | 3.7 | LOW | β | 0 |
| CVE-2026-23530 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHe... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23531 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without v... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23532 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP clientβs `gdi_SurfaceToSurface` path due to a mismat... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-52659 HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or informat... | 2.8 | LOW | β | 0 |
| CVE-2025-52660 HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | 2.7 | LOW | β | 0 |
| CVE-2025-52661 HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. | 2.4 | LOW | β | 0 |
| CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the applicationβs overall security posture and increase its susceptibilit... | 3.5 | LOW | β | 0 |
| CVE-2026-22797 An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-23533 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residu... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23534 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates al... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23625 OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProjectβs road... | 8.7 | HIGH | β | 0 |
| CVE-2026-23884 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update pack... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23646 OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settin... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23721 OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members per... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-23732 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx... | 7.5 | HIGH | β | 0 |
| CVE-2026-23836 HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution o... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-23883 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it aga... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69198 Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) tha... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23838 Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, s... | N/A | NONE | β | 0 |
| CVE-2026-23839 Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. ... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-23840 Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. ... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-23841 Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. ... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-23842 ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database sess... | 7.5 | HIGH | β | 0 |
| CVE-2026-23843 teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct O... | 7.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.