CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-26381 Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory c... | N/A | NONE | β | 0 |
| CVE-2026-26079 Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | 4.7 | MEDIUM | β | 0 |
| CVE-2025-15400 The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. T... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1235 The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1357 The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-10912 Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.This issue affects TemizlikYo... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-10913 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS... | 8.3 | HIGH | β | 0 |
| CVE-2025-15440 The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanit... | 7.2 | HIGH | β | 0 |
| CVE-2025-9986 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through ... | 8.2 | HIGH | β | 0 |
| CVE-2025-14560 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 7.3 | HIGH | β | 0 |
| CVE-2025-14592 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 3.7 | LOW | β | 0 |
| CVE-2025-14594 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti... | 3.5 | LOW | β | 0 |
| CVE-2025-7659 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal token... | 8.0 | HIGH | β | 0 |
| CVE-2025-8099 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthen... | 7.5 | HIGH | β | 0 |
| CVE-2026-0595 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 7.3 | HIGH | β | 0 |
| CVE-2026-1456 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1458 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenti... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-56807 An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We ha... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-56808 A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerabi... | 7.8 | HIGH | β | 0 |
| CVE-2025-30266 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-30269 A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secre... | 8.1 | HIGH | β | 0 |
| CVE-2025-30276 An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have... | 8.8 | HIGH | β | 0 |
| CVE-2025-54163 A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-54169 An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have alrea... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-54170 An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have alread... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-57707 An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they ca... | 8.8 | HIGH | β | 0 |
| CVE-2025-57708 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to p... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-57709 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | β | 0 |
| CVE-2025-57710 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerab... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-57711 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerab... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-61969 Incorrect permission assignment in AMD Β΅Prof may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | N/A | NONE | β | 0 |
| CVE-2026-26010 OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres... | 7.6 | HIGH | β | 0 |
| CVE-2026-26157 A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wri... | 7.0 | HIGH | β | 0 |
| CVE-2026-26158 A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or s... | 7.0 | HIGH | β | 0 |
| CVE-2024-50617 Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file i... | 7.5 | HIGH | β | 0 |
| CVE-2024-50619 Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access ... | 8.8 | HIGH | β | 0 |
| CVE-2026-26012 vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-26021 set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix t... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25348 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-20623 A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-1356 The Converter for Media β Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::lo... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-20662 An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to v... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-20666 An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20681 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | 3.3 | LOW | β | 0 |
| CVE-2026-25676 The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with ... | N/A | NONE | β | 0 |
| CVE-2026-26085 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-26086 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-69752 An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in t... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-70886 An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint | 7.5 | HIGH | β | 0 |
| CVE-2025-54756 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest relea... | 8.4 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.