CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2026-21376 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | — | 0 |
| CVE-2026-21378 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | — | 0 |
| CVE-2026-33405 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders d... | 3.1 | LOW | — | 0 |
| CVE-2026-31350 | An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parame... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-35045 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authentica... | 8.1 | HIGH | — | 0 |
| CVE-2026-35050 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows to ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-35164 | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController... | 8.8 | HIGH | — | 0 |
| CVE-2026-35166 | Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-35410 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed func... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-6874 | A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host c... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6878 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate ... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-2951 | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-3844 | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3361 | The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl_address' post meta value in versions up to, and including, 2.2.261 due to insufficient input saniti... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4402 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-33887 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisio... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33891 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library ... | 7.5 | HIGH | — | 0 |
| CVE-2026-35398 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25581 | i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers ... | 8.2 | HIGH | — | 0 |
| CVE-2018-25231 | HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25232 | Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25233 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV c... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25234 | SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can past... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25235 | NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-4513 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection... | 6.3 | MEDIUM | — | 0 |
| CVE-2019-25573 | Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET... | 7.1 | HIGH | — | 0 |
| CVE-2019-25613 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a sess... | 7.5 | HIGH | — | 0 |
| CVE-2025-15285 | The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() ... | 7.5 | HIGH | — | 0 |
| CVE-2025-14852 | The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewslet... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0736 | The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_inpost_head_script[synth_header_script]' post meta field in all versions up to, an... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1306 | The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1937 | The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yayma... | 7.2 | HIGH | — | 0 |
| CVE-2025-12451 | The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3585 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticat... | 7.5 | HIGH | — | 0 |
| CVE-2026-4626 | A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cr... | 3.5 | LOW | — | 0 |
| CVE-2026-3260 | A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes paramete... | 5.9 | MEDIUM | — | 0 |
| CVE-2018-25227 | Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-5032 | The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processin... | 7.5 | HIGH | — | 0 |
| CVE-2026-35214 | Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() withou... | 8.7 | HIGH | — | 0 |
| CVE-2026-35216 | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that conta... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-35218 | Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive wi... | 8.7 | HIGH | — | 0 |
| CVE-2025-47374 | Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47389 | Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | 7.8 | HIGH | — | 0 |
| CVE-2025-47390 | Memory corruption while preprocessing IOCTL request in JPEG driver. | 7.8 | HIGH | — | 0 |
| CVE-2026-35460 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. A... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-35480 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on I... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-35485 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1079 | A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a web... | N/A | NONE | — | 0 |
| CVE-2026-35487 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35488 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative p... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.