CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0665 An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall i... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1355 A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another userβs repository migration export due to a missing ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24746 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlan... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-2667 A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The ma... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-2668 A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handle... | 7.3 | HIGH | β | 0 |
| CVE-2026-25331 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activit... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-25359 SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25361 Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST comman... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers c... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25363 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 600... | 7.5 | HIGH | β | 0 |
| CVE-2019-25364 MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 ser... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25365 ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25333 Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24743 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of Inv... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-24744 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePl... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-27174 MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to contin... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27175 MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double qu... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27176 MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-2649 Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-27177 MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. U... | 7.2 | HIGH | β | 0 |
| CVE-2026-27178 MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthentic... | 7.2 | HIGH | β | 0 |
| CVE-2026-27179 MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] paramet... | 8.2 | HIGH | β | 0 |
| CVE-2026-27180 MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27181 MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns i... | 7.5 | HIGH | β | 0 |
| CVE-2026-2669 A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component Use... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2670 A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipul... | 7.2 | HIGH | β | 0 |
| CVE-2026-2672 A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Per... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12811 Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fi... | N/A | NONE | β | 0 |
| CVE-2025-12812 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1 | N/A | NONE | β | 0 |
| CVE-2025-15581 Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application'sΒ HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalatio... | N/A | NONE | β | 0 |
| CVE-2026-24745 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of Invoi... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-25548 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained ... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-25594 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Family Name f... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-25595 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Numbe... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-25596 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit ... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-26270 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane (latest version) that allow... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-26281 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-25335 Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2684 A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-2686 A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os c... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11706 The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitizati... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-11725 The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-11754 The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and inclu... | 7.5 | HIGH | β | 0 |
| CVE-2025-12027 The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor"... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25337 Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-12448 The Smartsupp β live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12500 The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12707 The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied ... | 7.5 | HIGH | β | 0 |
| CVE-2025-12821 The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_act... | 8.8 | HIGH | β | 0 |
| CVE-2025-12845 The Tablesome Table β Contact Form DB β WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing ... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.