CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-26367 eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete ar... | 8.1 | HIGH | β | 0 |
| CVE-2026-26368 eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the ... | 8.8 | HIGH | β | 0 |
| CVE-2026-26369 eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can s... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2525 A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched rem... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-25384 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unval... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-2532 A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address H... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-25325 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Dat... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-59903 Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-59904 Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and execut... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-59905 Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint β/node/kudaby/nodeFN/procedureβ. This flaw allows the injection of arbitrar... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-2415 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-2451 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2452 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2552 A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePa... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-1333 A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow... | 7.8 | HIGH | β | 0 |
| CVE-2026-1334 An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attack... | 7.8 | HIGH | β | 0 |
| CVE-2026-1335 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attac... | 7.8 | HIGH | β | 0 |
| CVE-2019-25385 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-65715 An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. | 7.8 | HIGH | β | 0 |
| CVE-2025-65716 An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file. | 8.8 | HIGH | β | 0 |
| CVE-2025-65717 An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-26930 SmarterTools SmarterMail before 9526 allows XSS via MAPI requests. | 7.2 | HIGH | β | 0 |
| CVE-2019-25378 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters inc... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25379 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attac... | 7.2 | HIGH | β | 0 |
| CVE-2019-25380 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multipl... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25381 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvali... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25382 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25383 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through mult... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-55271 A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically... | 3.5 | LOW | β | 0 |
| CVE-2019-25386 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unv... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25387 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25388 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25389 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES p... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25390 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through m... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-25392 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP paramet... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25393 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient inp... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-13691 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. | 8.1 | HIGH | β | 0 |
| CVE-2025-14289 IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36376 IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36377 IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36379 IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-23595 An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Succ... | 8.8 | HIGH | β | 0 |
| CVE-2026-23596 A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt ser... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-71227 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71228 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-23211 In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space attr aviod kernel panic commit 8b47299a411a ("mm, swap: mark swap address space ro and add context de... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23212 In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written lockl... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23213 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset During Mode 1 reset, the ASIC undergoes a reset cycle and becomes temporar... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-27099 Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a... | 8.0 | HIGH | β | 0 |
| CVE-2025-71234 In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to all... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.