CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-6843 A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-4200 A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/co... | 7.3 | HIGH | — | 0 |
| CVE-2026-4203 A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4204 A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4205 A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5023 A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the f... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4319 A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the arg... | 7.3 | HIGH | — | 0 |
| CVE-2026-4355 A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of t... | 3.5 | LOW | — | 0 |
| CVE-2026-4465 A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injecti... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-32941 Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuar... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-4471 A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argumen... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4472 A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-3861 LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associ... | 7.8 | HIGH | — | 0 |
| CVE-2026-4115 A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verifica... | 3.7 | LOW | — | 0 |
| CVE-2026-4550 A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4563 A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4564 A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulati... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-35587 Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation o... | 8.8 | HIGH | — | 0 |
| CVE-2000-5001 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2005-20001 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2008-20002 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2008-20003 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2009-20012 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20110 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20116 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20117 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20118 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2026-31465 In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees. Add a SB_I_NO_DATA_INTEGRITY superblock flag for fil... | N/A | NONE | — | 0 |
| CVE-2026-31469 In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false. A UAF issue occurs when the virtio_net dr... | 7.8 | HIGH | — | 0 |
| CVE-2026-31530 In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep(). cxl_detach_ep() is called during bottom-up removal when all CXL mem... | 7.8 | HIGH | — | 0 |
| CVE-2026-6607 A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consum... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6608 A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-41126 BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-41127 BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions. Version 3.0.24 tightened the permissions on wh... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-41129 Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a f... | N/A | NONE | — | 0 |
| CVE-2026-41130 Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint in Craft CMS allows unauthenticated requests ... | N/A | NONE | — | 0 |
| CVE-2026-1379 The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output esc... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1845 The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output e... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-4126 The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanage... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4128 The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcatt... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4131 The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page (wpo_admin_... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-4132 The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient va... | 7.2 | HIGH | — | 0 |
| CVE-2026-6041 The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and including, 0.9.4. This ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-6235 The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugi... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6246 The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-6294 The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() func... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6396 The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() funct... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15551 The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. A... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-3407 A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes he... | 3.3 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.