CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-14472 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3. | 8.1 | HIGH | β | 0 |
| CVE-2025-14840 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 ... | 7.5 | HIGH | β | 0 |
| CVE-2025-61726 The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the n... | 7.5 | HIGH | β | 0 |
| CVE-2025-61728 archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructe... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can expl... | 8.2 | HIGH | β | 0 |
| CVE-2026-1548 A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command inject... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1549 A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugin... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1550 A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the compo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-24897 Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient vali... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-1551 A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can l... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27069 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-37013 Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious pay... | 8.4 | HIGH | β | 0 |
| CVE-2020-37015 Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameter... | 7.5 | HIGH | β | 0 |
| CVE-2020-37016 BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in... | 7.8 | HIGH | β | 0 |
| CVE-2020-37017 CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary ... | 7.8 | HIGH | β | 0 |
| CVE-2020-37018 GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedde... | 6.4 | MEDIUM | β | 0 |
| CVE-2020-37020 SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe i... | 7.8 | HIGH | β | 0 |
| CVE-2020-37021 10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in s... | 7.8 | HIGH | β | 0 |
| CVE-2025-71008 A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a cr... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-71009 An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-1498 An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed a... | N/A | NONE | β | 0 |
| CVE-2025-9226 Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. | 4.6 | MEDIUM | β | 0 |
| CVE-2024-4027 A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. Th... | 7.5 | HIGH | β | 0 |
| CVE-2025-4686 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assess... | 8.6 | HIGH | β | 0 |
| CVE-2025-7964 After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a βnetwork leaveβ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state... | N/A | NONE | β | 0 |
| CVE-2026-1686 A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argum... | 8.8 | HIGH | β | 0 |
| CVE-2026-1687 A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-1688 A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument U... | 7.3 | HIGH | β | 0 |
| CVE-2025-2668 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)Β 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted qu... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36001 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL state... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36009 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36070 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)Β 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tab... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36423 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-37032 Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send... | 8.8 | HIGH | β | 0 |
| CVE-2020-37033 Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulne... | 8.2 | HIGH | β | 0 |
| CVE-2020-37034 HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET re... | 7.5 | HIGH | β | 0 |
| CVE-2020-37035 e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject... | 8.2 | HIGH | β | 0 |
| CVE-2020-37036 RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payl... | 8.4 | HIGH | β | 0 |
| CVE-2020-37038 Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5... | 7.5 | HIGH | β | 0 |
| CVE-2020-37039 Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 800... | 7.5 | HIGH | β | 0 |
| CVE-2020-37040 Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vu... | 8.4 | HIGH | β | 0 |
| CVE-2025-47398 Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. | 7.8 | HIGH | β | 0 |
| CVE-2020-37052 AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injectio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37053 Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the ... | 7.1 | HIGH | β | 0 |
| CVE-2020-37054 Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrator... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-37056 Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP va... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15510 The NEX-Forms β Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-15525 The Ajax Load More β Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1431 The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and in... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can ... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.