CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-5647 A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argume... | 2.4 | LOW | — | 0 |
| CVE-2026-5648 A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2026-5649 A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint.... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5650 A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3524 Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and de... | 8.8 | HIGH | — | 0 |
| CVE-2026-30078 OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent wit... | 7.5 | HIGH | — | 0 |
| CVE-2026-5659 A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The m... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5660 A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-25932 GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.... | 7.2 | HIGH | — | 0 |
| CVE-2026-26026 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-26027 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 1... | 7.5 | HIGH | — | 0 |
| CVE-2026-26263 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in ... | 8.1 | HIGH | — | 0 |
| CVE-2026-29047 GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is ... | 7.2 | HIGH | — | 0 |
| CVE-2026-31053 A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple t... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-31058 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to c... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31059 A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | N/A | NONE | — | 0 |
| CVE-2026-31060 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of S... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31061 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31062 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial ... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31063 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31065 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31066 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial o... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31067 A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-31150 Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-31151 An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources. | N/A | NONE | — | 0 |
| CVE-2026-31153 A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-32602 Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create multiple user accounts... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-33403 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected DOM-based XSS vulnerability in taillo... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL da... | 3.4 | LOW | — | 0 |
| CVE-2026-33406 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoin... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33510 Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL para... | 8.8 | HIGH | — | 0 |
| CVE-2026-33540 Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate chall... | 7.5 | HIGH | — | 0 |
| CVE-2026-34885 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assist... | 8.5 | HIGH | — | 0 |
| CVE-2026-34897 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-5661 A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remo... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5663 A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performi... | 7.3 | HIGH | — | 0 |
| CVE-2026-5664 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-30078. Reason: This candidate is a reservation duplicate of CVE-2026-30078. Notes: All CVE users should reference C... | N/A | NONE | — | 0 |
| CVE-2024-14032 Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprot... | 7.8 | HIGH | — | 0 |
| CVE-2025-47374 Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47389 Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | 7.8 | HIGH | — | 0 |
| CVE-2025-47390 Memory corruption while preprocessing IOCTL request in JPEG driver. | 7.8 | HIGH | — | 0 |
| CVE-2025-47391 Memory corruption while processing a frame request from user. | 7.8 | HIGH | — | 0 |
| CVE-2025-47392 Memory corruption when decoding corrupted satellite data files with invalid signature offsets. | 8.8 | HIGH | — | 0 |
| CVE-2025-47400 Cryptographic issue while copying data to a destination buffer without validating its size. | 7.1 | HIGH | — | 0 |
| CVE-2026-21367 Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | 7.6 | HIGH | — | 0 |
| CVE-2026-21371 Memory Corruption when retrieving output buffer with insufficient size validation. | 7.8 | HIGH | — | 0 |
| CVE-2026-21372 Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | 7.8 | HIGH | — | 0 |
| CVE-2026-21373 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | 7.8 | HIGH | — | 0 |
| CVE-2026-21374 Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | 7.8 | HIGH | — | 0 |
| CVE-2026-21375 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.