CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-25388 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25389 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES p... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25390 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through m... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-25392 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP paramet... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25393 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient inp... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-27904 IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious a... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-33124 IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-33130 IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-70846 lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password. | 7.1 | HIGH | β | 0 |
| CVE-2026-0102 Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of sto... | 3.1 | LOW | β | 0 |
| CVE-2026-22284 Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-23597 Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could a... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-33249 NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of thi... | 7.8 | HIGH | β | 0 |
| CVE-2025-33250 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat... | 7.8 | HIGH | β | 0 |
| CVE-2025-33251 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat... | 7.8 | HIGH | β | 0 |
| CVE-2025-33252 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat... | 7.8 | HIGH | β | 0 |
| CVE-2025-33253 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability m... | 7.8 | HIGH | β | 0 |
| CVE-2025-60035 A vulnerabilityΒ has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary ... | 7.8 | HIGH | β | 0 |
| CVE-2025-60036 A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary c... | 7.8 | HIGH | β | 0 |
| CVE-2026-25329 Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And S... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14427 The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEm... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14445 The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot_content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14452 The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3_fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanit... | 7.2 | HIGH | β | 0 |
| CVE-2025-14851 The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input s... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14864 The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14983 The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1043 The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sani... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-1044 The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and ou... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-1047 The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_url' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitiz... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-1373 The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author_profile_picture_url' parameter in all versions up to, and including, 1.7 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1405 The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and includ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25389 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25391 Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25393 Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25394 Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25395 Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25399 Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: f... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25402 Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25404 Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thro... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25407 Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25408 Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifie... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22267 Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulne... | 8.1 | HIGH | β | 0 |
| CVE-2026-22268 Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulne... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2716 The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insuffic... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-15559 An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15560 An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able t... | 8.8 | HIGH | β | 0 |
| CVE-2025-15561 An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be namedΒ WTWatch.exe and dr... | 7.8 | HIGH | β | 0 |
| CVE-2025-15562 The server API endpointΒ /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in th... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-15563 Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-9062 Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.Β Β NOTE:... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.