CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-42363 An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An atta... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-7106 The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscr... | 8.8 | HIGH | β | 0 |
| CVE-2026-3867 An improper ownership management vulnerability has been identified in Moxa's Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration fil... | N/A | NONE | β | 0 |
| CVE-2026-3868 An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa's Secure Router. Because of improper validation of length parameters in the HTTPS management interf... | N/A | NONE | β | 0 |
| CVE-2026-7099 A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument... | 8.8 | HIGH | β | 0 |
| CVE-2026-7100 A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overfl... | 8.8 | HIGH | β | 0 |
| CVE-2026-7112 A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-33453 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message h... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-7113 A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The mani... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7122 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7123 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7124 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Exec... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32688 Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib... | N/A | NONE | β | 0 |
| CVE-2026-40514 SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sys... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-7131 A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/... | 7.3 | HIGH | β | 0 |
| CVE-2026-7132 A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-54505 A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality. | N/A | NONE | β | 0 |
| CVE-2026-41462 ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without param... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-41463 ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outsi... | 8.8 | HIGH | β | 0 |
| CVE-2026-7136 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a mani... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7140 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argu... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69689 The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploit... | 8.8 | HIGH | β | 0 |
| CVE-2026-25908 Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentia... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-31686 In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not al... | N/A | NONE | β | 0 |
| CVE-2026-31687 In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_drive... | N/A | NONE | β | 0 |
| CVE-2026-31688 In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (... | N/A | NONE | β | 0 |
| CVE-2026-31689 In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path wil... | N/A | NONE | β | 0 |
| CVE-2026-31690 In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol drive... | N/A | NONE | β | 0 |
| CVE-2025-68022 Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Plugin ... | 7.3 | HIGH | β | 0 |
| CVE-2025-68023 Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68025 Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68028 Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4W... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-30035 The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any othe... | N/A | NONE | β | 0 |
| CVE-2025-30044 In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogs... | N/A | NONE | β | 0 |
| CVE-2025-30062 In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | N/A | NONE | β | 0 |
| CVE-2025-12462 A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injecti... | N/A | NONE | β | 0 |
| CVE-2025-65465 A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52365 A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system... | 7.8 | HIGH | β | 0 |
| CVE-2025-70995 An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can uploa... | 8.8 | HIGH | β | 0 |
| CVE-2026-3013 Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow t... | N/A | NONE | β | 0 |
| CVE-2025-70024 An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70041 An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26928 SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file ha... | N/A | NONE | β | 0 |
| CVE-2025-69893 A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 h... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-30616 Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, ... | 7.3 | HIGH | β | 0 |
| CVE-2026-30617 LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management i... | 8.6 | HIGH | β | 0 |
| CVE-2026-40155 The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-40351 FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attack... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-40279 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes u... | 3.7 | LOW | β | 0 |
| CVE-2026-41314 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires ... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.