CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-69988 BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains ac... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1496 Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access t... | N/A | NONE | β | 0 |
| CVE-2026-32695 Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimi... | 7.7 | HIGH | β | 0 |
| CVE-2002-1621 Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2006-1615 Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether... | N/A | NONE | β | 0 |
| CVE-2026-29871 A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backen... | 7.5 | HIGH | β | 0 |
| CVE-2026-30304 In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by th... | 9.6 | CRITICAL | β | 0 |
| CVE-2026-4955 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results i... | 7.3 | HIGH | β | 0 |
| CVE-2026-33759 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/playlistsVideos.json.php` endpoint returns the full video contents of any playlist by ID without any au... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33761 WWBN AVideo is an open source video platform. In versions up to and including 26.0, three `list.json.php` endpoints in the Scheduler plugin lack any authentication check, while every other endpoint in... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-4957 A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manip... | 2.7 | LOW | β | 0 |
| CVE-2026-4980 A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:includ... | 6.3 | MEDIUM | β | 0 |
| CVE-2002-1602 Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2026-30534 A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | 8.3 | HIGH | β | 0 |
| CVE-2026-32984 Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulner... | 3.5 | LOW | β | 0 |
| CVE-1999-1570 Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. | N/A | NONE | β | 0 |
| CVE-2026-30576 A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters... | 7.5 | HIGH | β | 0 |
| CVE-2026-30574 A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) excee... | 7.5 | HIGH | β | 0 |
| CVE-2026-4960 A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of t... | 8.8 | HIGH | β | 0 |
| CVE-2025-15612 Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with netwo... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-34364 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint, which serves the category listing API, fails to enforce user group-based access ... | 5.3 | MEDIUM | β | 0 |
| CVE-2002-1592 The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote at... | N/A | NONE | β | 0 |
| CVE-2026-26060 Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet's password management logic could allow previously issued password reset tokens to remain valid after a user ... | 8.8 | HIGH | β | 0 |
| CVE-2026-29180 Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their... | 8.8 | HIGH | β | 0 |
| CVE-2026-34385 Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enr... | 8.1 | HIGH | β | 0 |
| CVE-2026-34387 Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as roo... | 9.8 | CRITICAL | β | 0 |
| CVE-2006-1248 Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directo... | N/A | NONE | β | 0 |
| CVE-2026-34375 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript... | 8.2 | HIGH | β | 0 |
| CVE-2026-34386 Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Ad... | 8.8 | HIGH | β | 0 |
| CVE-2026-33739 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin)... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-32241 Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions... | 7.5 | HIGH | β | 0 |
| CVE-2025-47637 Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through <= 2.11.0. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-47640 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL... | 9.3 | CRITICAL | β | 0 |
| CVE-2010-4594 The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cau... | N/A | NONE | β | 0 |
| CVE-2026-33044 Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious n... | 5.4 | MEDIUM | β | 0 |
| CVE-2002-0154 Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain lon... | N/A | NONE | β | 0 |
| CVE-2026-34389 Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated again... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-4975 A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpa... | 8.8 | HIGH | β | 0 |
| CVE-2010-4595 The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass i... | N/A | NONE | β | 0 |
| CVE-2010-3881 arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via ... | N/A | NONE | β | 0 |
| CVE-2010-3972 Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote ... | N/A | NONE | β | 0 |
| CVE-2010-3973 The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary co... | N/A | NONE | β | 0 |
| CVE-2010-4519 Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the... | N/A | NONE | β | 0 |
| CVE-2010-4520 Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator ... | N/A | NONE | β | 0 |
| CVE-2010-4521 Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. | N/A | NONE | β | 0 |
| CVE-2026-30558 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The app... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33903 Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to E... | 6.5 | MEDIUM | β | 0 |
| CVE-2010-4588 The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext ... | N/A | NONE | β | 0 |
| CVE-2026-33904 Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restart... | 6.5 | MEDIUM | β | 0 |
| CVE-2010-4597 Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to e... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.