CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-37175 P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buff... | 7.5 | HIGH | β | 0 |
| CVE-2020-37176 Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37177 BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payl... | 7.5 | HIGH | β | 0 |
| CVE-2020-37178 KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML... | 7.5 | HIGH | β | 0 |
| CVE-2020-37179 APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character... | 7.5 | HIGH | β | 0 |
| CVE-2020-37180 GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-characte... | 7.5 | HIGH | β | 0 |
| CVE-2025-7015 Session Fixation vulnerability in AkΔ±n Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation.This issue affects QR Menu: before s1.05.12. | 5.7 | MEDIUM | β | 0 |
| CVE-2020-37193 ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared t... | 7.5 | HIGH | β | 0 |
| CVE-2020-37194 Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-characte... | 7.5 | HIGH | β | 0 |
| CVE-2020-37195 BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer paylo... | 7.5 | HIGH | β | 0 |
| CVE-2020-37198 Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generat... | 7.5 | HIGH | β | 0 |
| CVE-2020-37200 NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 100... | 7.5 | HIGH | β | 0 |
| CVE-2020-37201 NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and past... | 7.5 | HIGH | β | 0 |
| CVE-2020-37202 NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buff... | 7.5 | HIGH | β | 0 |
| CVE-2020-37203 Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37213 TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-b... | 7.5 | HIGH | β | 0 |
| CVE-2026-26010 OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres... | 7.6 | HIGH | β | 0 |
| CVE-2026-26157 A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wri... | 7.0 | HIGH | β | 0 |
| CVE-2026-26158 A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or s... | 7.0 | HIGH | β | 0 |
| CVE-2024-50617 Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file i... | 7.5 | HIGH | β | 0 |
| CVE-2024-50619 Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access ... | 8.8 | HIGH | β | 0 |
| CVE-2026-26012 vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-26021 set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix t... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25348 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-46310 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system fi... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-64074 A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted se... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-67135 Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20603 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information. | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20623 A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-1356 The Converter for Media β Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::lo... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-20646 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information. | 3.3 | LOW | β | 0 |
| CVE-2026-20647 This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20648 A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-15574 When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The pas... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-20667 A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to brea... | 8.8 | HIGH | β | 0 |
| CVE-2026-20669 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20674 A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user inform... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-26215 manga-image-translator versionΒ beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /sim... | N/A | NONE | β | 0 |
| CVE-2026-1729 The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authen... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0969 The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in ... | 8.8 | HIGH | β | 0 |
| CVE-2026-23856 Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A lo... | 7.8 | HIGH | β | 0 |
| CVE-2026-23857 Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local acc... | 8.2 | HIGH | β | 0 |
| CVE-2026-1537 The LatePoint β Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_step() function in a... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-26087 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-26088 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-26089 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-69752 An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in t... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-70886 An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint | 7.5 | HIGH | β | 0 |
| CVE-2025-54756 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest relea... | 8.4 | HIGH | β | 0 |
| CVE-2023-20601 Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.