CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2013-2094 The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open s... | 8.4 | HIGH | KEV | 0 |
| CVE-2006-1130 Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. | N/A | NONE | - | 0 |
| CVE-2013-0074 Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a cra... | 7.8 | HIGH | KEV | 0 |
| CVE-2025-15458 A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to ... | 7.3 | HIGH | - | 0 |
| CVE-2013-5046 Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, ak... | N/A | NONE | - | 0 |
| CVE-2013-5047 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | - | 0 |
| CVE-2013-5048 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | - | 0 |
| CVE-2013-5049 Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupt... | N/A | NONE | - | 0 |
| CVE-2013-5051 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio... | N/A | NONE | - | 0 |
| CVE-2013-5052 Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulner... | N/A | NONE | - | 0 |
| CVE-2020-8243 A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | 7.2 | HIGH | KEV | 0 |
| CVE-2013-5054 Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in ... | N/A | NONE | - | 0 |
| CVE-2013-5056 Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... | N/A | NONE | - | 0 |
| CVE-2013-5057 hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM comp... | N/A | NONE | - | 0 |
| CVE-2019-16256 Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or exec... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-10963 A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in comman... | 6.3 | MEDIUM | - | 0 |
| CVE-2026-0580 A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results i... | 3.5 | LOW | - | 0 |
| CVE-2026-0581 A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulat... | 6.3 | MEDIUM | - | 0 |
| CVE-2026-0582 A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to s... | 6.3 | MEDIUM | - | 0 |
| CVE-2026-0583 A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The mani... | 7.3 | HIGH | - | 0 |
| CVE-2026-32030 OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled.... | 7.5 | HIGH | - | 0 |
| CVE-2026-0584 A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argum... | 6.3 | MEDIUM | - | 0 |
| CVE-2026-31953 Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 a... | 6.4 | MEDIUM | - | 0 |
| CVE-2026-0585 A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. S... | 7.3 | HIGH | - | 0 |
| CVE-2026-0586 A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulatio... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-21733 Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED | 7.3 | HIGH | - | 0 |
| CVE-2026-6284 An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters... | 9.1 | CRITICAL | - | 0 |
| CVE-2026-0587 A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the a... | 3.5 | LOW | - | 0 |
| CVE-2026-6314 Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chro... | 8.3 | HIGH | - | 0 |
| CVE-2026-40505 MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ... | 3.3 | LOW | - | 0 |
| CVE-2026-40515 OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attack... | 7.5 | HIGH | - | 0 |
| CVE-2026-40518 ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers... | 7.1 | HIGH | - | 0 |
| CVE-2026-33078 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/c... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-41309 Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted im... | 8.2 | HIGH | - | 0 |
| CVE-2026-5488 The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks ... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-0588 A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the a... | 3.5 | LOW | - | 0 |
| CVE-2026-0589 A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authenti... | 7.3 | HIGH | - | 0 |
| CVE-2026-41319 MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-41324 basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A mali... | 7.5 | HIGH | - | 0 |
| CVE-2026-6947 DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-fo... | 7.5 | HIGH | - | 0 |
| CVE-2026-1949 Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. | 9.8 | CRITICAL | - | 0 |
| CVE-2013-0487 The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | N/A | NONE | - | 0 |
| CVE-2013-0488 Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | - | 0 |
| CVE-2013-0489 Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | N/A | NONE | - | 0 |
| CVE-2013-0718 The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local file... | N/A | NONE | - | 0 |
| CVE-2026-6810 The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php f... | 5.3 | MEDIUM | - | 0 |
| CVE-2013-0719 The ArtIME Japanese Input application 1.1.2 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses... | N/A | NONE | - | 0 |
| CVE-2013-0720 The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesyste... | N/A | NONE | - | 0 |
| CVE-2013-2300 The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application... | N/A | NONE | - | 0 |
| CVE-2013-0181 Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arb... | N/A | NONE | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.