CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-22832 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22833 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22834 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22835 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22836 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22837 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-10915 The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14829 The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to de... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-40805 Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitima... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-69992 phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40944 A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP... | 7.5 | HIGH | β | 0 |
| CVE-2025-14001 The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in a... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-59020 By exploiting the defVals parameter, attackers could bypass fieldβlevel access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited e... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-59021 Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the userβs own file-mo... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-59022 Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This al... | 8.1 | HIGH | β | 0 |
| CVE-2026-0859 TYPO3's mailβfile spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitr... | 7.8 | HIGH | β | 0 |
| CVE-2025-14507 The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes i... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-9427 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress a... | N/A | NONE | β | 0 |
| CVE-2026-0684 The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permis... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-36640 A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. | 8.8 | HIGH | β | 0 |
| CVE-2025-12548 A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Develo... | 9.0 | CRITICAL | β | 0 |
| CVE-2025-68767 In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the ... | N/A | NONE | β | 0 |
| CVE-2025-68768 In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September i... | N/A | NONE | β | 0 |
| CVE-2025-68769 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd moun... | N/A | NONE | β | 0 |
| CVE-2025-68770 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not correct. __bnxt_poll_work() -> bn... | N/A | NONE | β | 0 |
| CVE-2025-68771 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_fr... | N/A | NONE | β | 0 |
| CVE-2025-68772 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng <sjb7183@psu.edu> reported a bug as below: Oops:... | N/A | NONE | β | 0 |
| CVE-2025-68782 In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation of cmd->t_task_cdb fails, it remains NULL but is later derefere... | N/A | NONE | β | 0 |
| CVE-2025-68773 In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large tr... | N/A | NONE | β | 0 |
| CVE-2025-68774 In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create When sync() and link() are called concurrently, both threads may enter ... | N/A | NONE | β | 0 |
| CVE-2025-68775 In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshak... | N/A | NONE | β | 0 |
| CVE-2025-68776 In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() prp_get_untagged_frame() calls __pskb_copy() to create frame->sk... | N/A | NONE | β | 0 |
| CVE-2025-68795 In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET... | N/A | NONE | β | 0 |
| CVE-2025-68968 Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. | 7.8 | HIGH | β | 0 |
| CVE-2025-68777 In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc - fix off-by-one error in wire_order validation The current validation 'wire_order[i] > ARRAY_SIZE(config_pin... | N/A | NONE | β | 0 |
| CVE-2025-68778 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a direc... | N/A | NONE | β | 0 |
| CVE-2025-68779 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> ... | N/A | NONE | β | 0 |
| CVE-2025-68780 In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set free_cpus for online runqueues Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect r... | N/A | NONE | β | 0 |
| CVE-2025-68781 In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otg_event is initialized in fsl_... | N/A | NONE | β | 0 |
| CVE-2025-68783 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb() parses the 64-byte meter packets sent by the d... | N/A | NONE | β | 0 |
| CVE-2025-68784 In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any ref... | N/A | NONE | β | 0 |
| CVE-2025-68785 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in push_nsh() action The push_nsh() action structure looks like this: OVS_ACTI... | N/A | NONE | β | 0 |
| CVE-2025-68786 In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current i_size (including 0), the code ... | N/A | NONE | β | 0 |
| CVE-2025-68787 In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() return NULL in nr_... | N/A | NONE | β | 0 |
| CVE-2025-68796 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs (loop0): __update_extent_tree_range: ex... | N/A | NONE | β | 0 |
| CVE-2025-68788 In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access ... | N/A | NONE | β | 0 |
| CVE-2025-68790 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in device's private data after unregistering it in LA... | N/A | NONE | β | 0 |
| CVE-2025-68791 In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fuse-over-io-uring argument copies Fix a possible reference count leak of payload pages during fuse a... | N/A | NONE | β | 0 |
| CVE-2025-68792 In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size 'name_size' does not have any range checks, and it just directly indexes wit... | N/A | NONE | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.