CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0791 ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected install... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0792 ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected insta... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0793 ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0794 ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0795 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | β | 0 |
| CVE-2026-24529 Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0796 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | β | 0 |
| CVE-2025-15522 The Uncanny Automator β Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortc... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-3839 A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those ha... | 8.0 | HIGH | β | 0 |
| CVE-2026-24334 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24335 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24336 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24337 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24338 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24339 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24340 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24341 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24342 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-14069 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14745 The RSS Aggregator β RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all vers... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0927 The KiviCare β Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all ve... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-11976 The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action tha... | 7.3 | HIGH | β | 0 |
| CVE-2026-24515 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | 2.9 | LOW | β | 0 |
| CVE-2026-1363 IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web fro... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1364 IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22271 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with r... | 7.5 | HIGH | β | 0 |
| CVE-2025-46699 Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with rem... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-22273 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access... | 8.8 | HIGH | β | 0 |
| CVE-2026-22274 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenti... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22275 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-22276 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local ac... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-2204 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-14866 The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary... | 8.8 | HIGH | β | 0 |
| CVE-2025-4319 Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute ... | 9.4 | CRITICAL | β | 0 |
| CVE-2025-4320 Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass,... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-0914 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficie... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13921 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the '... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-69907 An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can... | 7.5 | HIGH | β | 0 |
| CVE-2026-0994 A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any message... | N/A | NONE | β | 0 |
| CVE-2026-24521 Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24522 Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through <... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24523 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affe... | 7.5 | HIGH | β | 0 |
| CVE-2026-24525 Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24526 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-optio... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24528 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a t... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24534 Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <=... | 8.8 | HIGH | β | 0 |
| CVE-2026-24535 Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24536 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects... | 7.5 | HIGH | β | 0 |
| CVE-2026-24539 Missing Authorization vulnerability in ABCdatos ProtecciΓ³n de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protec... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1157 A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffe... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.