CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-25454 phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27119 svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the server-side rendering output of an <option> element does not properly escape its content, potentially al... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27121 svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes f... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27122 svelte performance oriented web framework. Prior to 5.51.5, when using <svelte:element this={tag}> in server-side rendering, the provided tag name is not validated or sanitized before being emitted in... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-26892 Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php. | 7.2 | HIGH | β | 0 |
| CVE-2026-27125 svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements (e.g. <div {...attrs}>) enumerates inherited properties from the object's prototyp... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-27133 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-2033 MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflo... | N/A | NONE | β | 0 |
| CVE-2026-2034 Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DIC... | N/A | NONE | β | 0 |
| CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations... | N/A | NONE | β | 0 |
| CVE-2026-2036 GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Arc... | N/A | NONE | β | 0 |
| CVE-2019-25433 XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET req... | 8.2 | HIGH | β | 0 |
| CVE-2026-2037 GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Arch... | N/A | NONE | β | 0 |
| CVE-2026-2038 GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authent... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2039 GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authen... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2040 PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations o... | N/A | NONE | β | 0 |
| CVE-2026-2041 Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagio... | 8.8 | HIGH | β | 0 |
| CVE-2026-2042 Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authe... | 8.8 | HIGH | β | 0 |
| CVE-2026-2043 Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations o... | 8.8 | HIGH | β | 0 |
| CVE-2026-2044 GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction... | N/A | NONE | β | 0 |
| CVE-2026-2045 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction ... | N/A | NONE | β | 0 |
| CVE-2026-2047 GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte... | N/A | NONE | β | 0 |
| CVE-2026-2048 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction ... | N/A | NONE | β | 0 |
| CVE-2026-2490 RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of ... | N/A | NONE | β | 0 |
| CVE-2026-2492 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorF... | N/A | NONE | β | 0 |
| CVE-2026-2635 MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not requi... | N/A | NONE | β | 0 |
| CVE-2026-27134 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA wit... | 8.1 | HIGH | β | 0 |
| CVE-2026-27146 GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious ... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-27147 GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload funct... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27161 GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is... | 7.5 | HIGH | β | 0 |
| CVE-2026-27168 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser'... | 8.8 | HIGH | β | 0 |
| CVE-2026-27169 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces usin... | 8.9 | HIGH | β | 0 |
| CVE-2026-27170 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavio... | 7.1 | HIGH | β | 0 |
| CVE-2026-27189 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persis... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-27202 GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of... | 7.5 | HIGH | β | 0 |
| CVE-2026-27203 eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the ... | 8.3 | HIGH | β | 0 |
| CVE-2025-65995 When a DAG failed during parsing, Airflowβs error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-27191 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27192 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing att... | 8.1 | HIGH | β | 0 |
| CVE-2026-27193 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-27194 D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulne... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27197 Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to ta... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-27527 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27528 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27529 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27530 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27531 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27532 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-2860 A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeControll... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-26045 A flaw was identified in Moodleβs backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead... | 7.2 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.