CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2026-0840 | A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argume... | 8.8 | HIGH | No | 0 |
| CVE-2026-0841 | A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in... | 8.8 | HIGH | No | 0 |
| CVE-2026-0842 | A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The at... | 6.3 | MEDIUM | No | 0 |
| CVE-2026-0843 | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such... | 6.3 | MEDIUM | No | 0 |
| CVE-2026-0850 | A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argumen... | 4.7 | MEDIUM | No | 0 |
| CVE-2026-0851 | A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txt... | 7.3 | HIGH | No | 0 |
| CVE-2026-0852 | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argu... | 7.3 | HIGH | No | 0 |
| CVE-2026-0853 | Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status infor... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-69267 | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal. This issue affects DX NetOps Spectrum:... | 6.5 | MEDIUM | No | 0 |
| CVE-2025-69268 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS. This issue affects DX Ne... | 6.1 | MEDIUM | No | 0 |
| CVE-2025-69269 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection. This issue affects... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-69271 | Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier. | 7.5 | HIGH | No | 0 |
| CVE-2025-69272 | Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 21.2.1 and earlier. | 7.5 | HIGH | No | 0 |
| CVE-2025-69273 | Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass. This issue affects DX NetOps Spectrum: 24.3.10 and earlier. | 7.5 | HIGH | No | 0 |
| CVE-2025-69274 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation. This issue affects DX NetOps Spectrum: 24.3.10 and earlier. | 8.8 | HIGH | No | 0 |
| CVE-2025-69275 | Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS. This issue affects DX NetOps Spectrum: 24.3.9 and earlier. | 6.1 | MEDIUM | No | 0 |
| CVE-2025-69276 | Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection. This issue affects DX NetOps Spectrum: 24.3.13 and earlier. | 8.8 | HIGH | No | 0 |
| CVE-2025-14579 | The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e... | 4.8 | MEDIUM | No | 0 |
| CVE-2025-68276 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local user can crash avahi-daemon (with wide-area ... | 5.5 | MEDIUM | No | 0 |
| CVE-2025-68468 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements co... | 6.5 | MEDIUM | No | 0 |
| CVE-2025-68471 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements ... | 6.5 | MEDIUM | No | 0 |
| CVE-2025-14470 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | No | 0 |
| CVE-2026-22252 | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute sh... | 9.1 | CRITICAL | No | 0 |
| CVE-2026-22776 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of c... | 7.5 | HIGH | No | 0 |
| CVE-2026-22781 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query param... | 9.8 | CRITICAL | No | 0 |
| CVE-2026-22783 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability w... | 9.6 | CRITICAL | No | 0 |
| CVE-2026-22784 | Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthoriz... | 4.3 | MEDIUM | No | 0 |
| CVE-2025-51567 | A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access vi... | 9.1 | CRITICAL | No | 0 |
| CVE-2025-67147 | Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key'... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-14021 | LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The... | 7.8 | HIGH | No | 0 |
| CVE-2026-22212 | TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions w... | N/A | NONE | No | 0 |
| CVE-2026-22804 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix ... | 8.0 | HIGH | No | 0 |
| CVE-2026-0491 | SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS comma... | 9.1 | CRITICAL | No | 0 |
| CVE-2026-0493 | Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state-changing actions using an inappropriate request type, this... | 4.3 | MEDIUM | No | 0 |
| CVE-2026-0494 | Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidential... | 4.3 | MEDIUM | No | 0 |
| CVE-2026-0495 | SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impa... | 5.1 | MEDIUM | No | 0 |
| CVE-2026-0496 | SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on con... | 6.6 | MEDIUM | No | 0 |
| CVE-2026-0497 | SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact ... | 4.3 | MEDIUM | No | 0 |
| CVE-2026-0499 | SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser w... | 6.1 | MEDIUM | No | 0 |
| CVE-2026-0501 | Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backen... | 9.9 | CRITICAL | No | 0 |
| CVE-2026-0503 | Due to a missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password a... | 6.4 | MEDIUM | No | 0 |
| CVE-2026-0504 | Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI oper... | 3.8 | LOW | No | 0 |
| CVE-2026-0507 | Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload ... | 8.4 | HIGH | No | 0 |
| CVE-2026-0510 | The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attac... | 3.0 | LOW | No | 0 |
| CVE-2026-0511 | SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidential... | 8.1 | HIGH | No | 0 |
| CVE-2026-0514 | Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redir... | 6.1 | MEDIUM | No | 0 |
| CVE-2025-66177 | There is a Stack Overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the d... | 8.8 | HIGH | No | 0 |
| CVE-2026-22829 | Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2026-22830 | Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2023-7343 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | No | 0 |
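The columns above (CVSS, Severity, KEV, Sightings) are what a triage view typically derives from two feeds: NVD base scores and the CISA KEV catalog. The following is an added example, not this page's own code or any vendor's, showing how to rebuild those columns from raw records and order them for remediation. It assumes scores are CVSS v3.x base scores (so the NVD v3 qualitative bands apply), that the KEV feed is CISA's `known_exploited_vulnerabilities.json` with entries keyed by `cveID`, and that a "Rejected reason:" prefix marks a withdrawn CVE. All sample records are constructed; CVE-2021-44228 appears only because it genuinely is in KEV, and none of the CVEs listed on this page are claimed to be.

```python
# Added example (not the page's own code): rebuild the CVSS / Severity / KEV /
# Sightings columns from raw records plus a CISA KEV feed, then rank for triage.
# Assumptions: scores are CVSS v3.x base scores; the KEV feed follows CISA's
# JSON shape (entries keyed by "cveID"). All sample data below is constructed.
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


def nvd_v3_severity(score: Optional[float]) -> str:
    """NVD CVSS v3.x qualitative bands: 0.0 None, 0.1-3.9 Low, 4.0-6.9 Medium,
    7.0-8.9 High, 9.0-10.0 Critical. None (unscored/rejected) maps to NONE,
    which is how the page prints an N/A score."""
    if score is None:
        return "NONE"
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


# Constructed excerpt in the shape of CISA's known_exploited_vulnerabilities.json.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "knownRansomwareCampaignUse": "Known"},
    ],
})


def load_kev(feed_json: str) -> Dict[str, dict]:
    """Index the KEV feed by CVE ID so membership is a dictionary lookup."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


@dataclass
class Row:
    cve_id: str
    description: str
    cvss: Optional[float]
    severity: str
    kev: bool
    sightings: int
    rejected: bool


def enrich(records: Iterable[dict], kev: Dict[str, dict],
           sightings: Optional[Dict[str, int]] = None) -> List[Row]:
    """Turn raw {"id", "description", "cvss"} records into table rows.
    A rejected CVE keeps no score even if one was ever attached to it."""
    sightings = sightings or {}
    rows = []
    for r in records:
        rejected = r["description"].startswith("Rejected reason:")
        score = None if rejected else r.get("cvss")
        rows.append(Row(cve_id=r["id"], description=r["description"], cvss=score,
                        severity=nvd_v3_severity(score), kev=r["id"] in kev,
                        sightings=sightings.get(r["id"], 0), rejected=rejected))
    return rows


def triage_order(rows: List[Row]) -> List[Row]:
    """KEV entries first (they carry a remediation due date), then CVSS
    descending; unscored rows sort as 0.0 and rejected IDs sink to the bottom."""
    return sorted(rows, key=lambda x: (x.rejected, not x.kev, -(x.cvss or 0.0), x.cve_id))


def markdown_row(row: Row) -> str:
    """Render one row in the same column layout as the table on this page."""
    cvss = "N/A" if row.cvss is None else f"{row.cvss:.1f}"
    return (f"| {row.cve_id} | {cvss} | {row.severity} | "
            f"{'Yes' if row.kev else 'No'} | {row.sightings} |")


# Constructed input: scores copied from this page plus the Log4Shell row.
RECORDS = [
    {"id": "CVE-2025-69269", "description": "OS Command Injection in DX NetOps Spectrum", "cvss": 9.8},
    {"id": "CVE-2026-0504", "description": "JNDI injection via SAP IdM REST interface", "cvss": 3.8},
    {"id": "CVE-2026-22212", "description": "stack overflow in mcp2200gpio (not yet scored)", "cvss": None},
    {"id": "CVE-2025-14470", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.", "cvss": None},
    {"id": "CVE-2021-44228", "description": "Log4j2 JNDI lookup remote code execution", "cvss": 10.0},
]

if __name__ == "__main__":
    for row in triage_order(enrich(RECORDS, load_kev(KEV_SAMPLE))):
        print(markdown_row(row))
```

The band boundaries are the usual source of off-by-one mistakes (a 4.0 is Medium, a 7.0 is High, a 9.0 is Critical), so `nvd_v3_severity` uses strict `<` comparisons against the next band's floor rather than rounding. Sorting KEV ahead of raw CVSS reflects how the two feeds differ: CVSS estimates impact, KEV records observed exploitation.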
This product uses data from the NVD API but is not endorsed or certified by the NVD.