CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-53968 This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requ... | 7.5 | HIGH | — | 0 |
| CVE-2025-54816 This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this w... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-55705 This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or ... | 7.3 | HIGH | — | 0 |
| CVE-2025-67652 An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust e... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21264 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network. | 9.3 | CRITICAL | — | 0 |
| CVE-2026-21520 Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector | 7.5 | HIGH | — | 0 |
| CVE-2026-21521 Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. | 7.4 | HIGH | — | 0 |
| CVE-2026-21524 Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network. | 7.4 | HIGH | — | 0 |
| CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability | 9.3 | CRITICAL | — | 0 |
| CVE-2026-24307 Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. | 9.3 | CRITICAL | — | 0 |
| CVE-2026-20613 The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or malic... | 7.8 | HIGH | — | 0 |
| CVE-2026-24137 sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-24138 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggere... | 7.5 | HIGH | — | 0 |
| CVE-2025-15061 Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Frame... | N/A | NONE | — | 0 |
| CVE-2025-15062 Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp... | N/A | NONE | — | 0 |
| CVE-2025-15063 Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. ... | N/A | NONE | — | 0 |
| CVE-2026-0710 A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer derefer... | 8.4 | HIGH | — | 0 |
| CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Auth... | N/A | NONE | — | 0 |
| CVE-2026-0756 github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanba... | N/A | NONE | — | 0 |
| CVE-2026-0757 MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager... | N/A | NONE | — | 0 |
| CVE-2026-0758 mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-si... | N/A | NONE | — | 0 |
| CVE-2026-0776 Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. ... | N/A | NONE | — | 0 |
| CVE-2026-0759 Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installati... | N/A | NONE | — | 0 |
| CVE-2026-0762 GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Ac... | N/A | NONE | — | 0 |
| CVE-2026-0763 GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst... | N/A | NONE | — | 0 |
| CVE-2026-0764 GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academi... | N/A | NONE | — | 0 |
| CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of... | N/A | NONE | — | 0 |
| CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. A... | N/A | NONE | — | 0 |
| CVE-2026-0767 Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0778 Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o... | N/A | NONE | — | 0 |
| CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not requ... | N/A | NONE | — | 0 |
| CVE-2026-0769 Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Auth... | N/A | NONE | — | 0 |
| CVE-2026-0770 Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected ins... | N/A | NONE | — | 0 |
| CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors a... | N/A | NONE | — | 0 |
| CVE-2026-0772 Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. A... | N/A | NONE | — | 0 |
| CVE-2026-0773 Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Au... | N/A | NONE | — | 0 |
| CVE-2026-0774 WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Watc... | N/A | NONE | — | 0 |
| CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mus... | N/A | NONE | — | 0 |
| CVE-2026-0779 ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Au... | 8.8 | HIGH | — | 0 |
| CVE-2026-0780 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0781 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0782 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0783 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0784 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0785 ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud... | 8.8 | HIGH | — | 0 |
| CVE-2026-0786 ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud... | 8.8 | HIGH | — | 0 |
| CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0788 ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installa... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0789 ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information... | 7.5 | HIGH | — | 0 |
| CVE-2026-1157 A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffe... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.