CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-25288 Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in ... | 7.8 | HIGH | β | 0 |
| CVE-2025-13192 The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints i... | 8.2 | HIGH | β | 0 |
| CVE-2026-1896 A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the compo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1897 A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipu... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1246 The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-1268 The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 du... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1953 Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize u... | N/A | NONE | β | 0 |
| CVE-2026-25198 web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website whe... | N/A | NONE | β | 0 |
| CVE-2025-13416 The ProfileGrid β User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() func... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1319 The Robin Image Optimizer β Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14150 IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server resp... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1523 Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file syst... | N/A | NONE | β | 0 |
| CVE-2025-68721 Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain... | 8.1 | HIGH | β | 0 |
| CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web p... | 3.5 | LOW | β | 0 |
| CVE-2020-37119 Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37120 Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37121 CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can c... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-37123 Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37132 UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 3... | 6.2 | MEDIUM | β | 0 |
| CVE-2020-37133 UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37134 UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37136 ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input wi... | 7.5 | HIGH | β | 0 |
| CVE-2020-37137 PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST da... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-37138 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malici... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37139 Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer ov... | 8.4 | HIGH | β | 0 |
| CVE-2026-0714 A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryptionΒ on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-0715 Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical accessΒ to the device could use this i... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-15557 An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communic... | 8.8 | HIGH | β | 0 |
| CVE-2025-47911 The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HT... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-15326 Tanium addressed an improper access controls vulnerability in Patch. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15327 Tanium addressed an improper access controls vulnerability in Deploy. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15328 Tanium addressed an improper link resolution before file access vulnerability in Enforce. | 5.0 | MEDIUM | β | 0 |
| CVE-2025-15329 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.9 | MEDIUM | β | 0 |
| CVE-2025-15330 Tanium addressed an improper input validation vulnerability in Deploy. | 8.8 | HIGH | β | 0 |
| CVE-2025-15331 Tanium addressed an uncontrolled resource consumption vulnerability in Connect. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15332 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.9 | MEDIUM | β | 0 |
| CVE-2025-15333 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25815 Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key ... | 3.2 | LOW | β | 0 |
| CVE-2025-32393 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68157 Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpackβs HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but... | 3.7 | LOW | β | 0 |
| CVE-2025-68458 Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpackβs HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outs... | 3.7 | LOW | β | 0 |
| CVE-2026-0391 User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21532 Azure Function Information Disclosure Vulnerability | 8.2 | HIGH | β | 0 |
| CVE-2026-24300 Azure Front Door Elevation of Privilege Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1401 The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1808 The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up to... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1888 The Docus β YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1909 The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-7432 DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions.Β This may allow an attacker to eventually extract secret keys through a DPA attack. | N/A | NONE | β | 0 |
| CVE-2026-24925 Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.