CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-54855 | fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with othe... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-65783 | An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66698 | An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. | 8.6 | HIGH | — | 0 |
| CVE-2025-68789 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-0404 | An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on t... | 8.0 | HIGH | — | 0 |
| CVE-2026-0405 | An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. | 7.8 | HIGH | — | 0 |
| CVE-2025-25176 | Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-25652 | In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. | 7.5 | HIGH | — | 0 |
| CVE-2025-46684 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially ... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-46685 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially ... | 7.5 | HIGH | — | 0 |
| CVE-2026-21219 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58409 | Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could... | 3.5 | LOW | — | 0 |
| CVE-2025-58411 | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper... | 8.8 | HIGH | — | 0 |
| CVE-2025-64155 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-65784 | Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allow authenticated attackers with low-level privileges to access other users' information via a crafted API request. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68707 | An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without prov... | 8.8 | HIGH | — | 0 |
| CVE-2025-10865 | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting... | 7.8 | HIGH | — | 0 |
| CVE-2026-20868 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2026-21226 | Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-22791 | openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with l... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-37168 | An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running the AOS-8 operating system. Successful exploitation of this vulnerability could allow an unau... | 8.2 | HIGH | — | 0 |
| CVE-2025-37170 | Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. Successful exploitation could allow an authenticated ... | 7.2 | HIGH | — | 0 |
| CVE-2025-37171 | Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. Successful exploitation could allow an authenticated ... | 7.2 | HIGH | — | 0 |
| CVE-2025-37172 | Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. Successful exploitation could allow an authenticated ... | 7.2 | HIGH | — | 0 |
| CVE-2025-55252 | HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access. | 3.1 | LOW | — | 0 |
| CVE-2025-37173 | An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either the AOS-10 or AOS-8 operating system. Successful exploitation could allow an au... | 7.2 | HIGH | — | 0 |
| CVE-2025-37174 | An authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either the AOS-10 or AOS-8 operating system. Successful exploitation could all... | 7.2 | HIGH | — | 0 |
| CVE-2025-37175 | An arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either the AOS-10 or AOS-8 operating system. Successful exploitation could allow an authent... | 7.2 | HIGH | — | 0 |
| CVE-2025-37176 | A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Succe... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-37177 | An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either the AOS-10 or AOS-8 operating system. Successful exploitation of this vuln... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-37178 | Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the proce... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-37179 | Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the proce... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-68698 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding, which is vulnerable to Bleichenbacher padding oracle attacks. Modern syste... | 7.5 | HIGH | — | 0 |
| CVE-2025-68701 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2. | 7.5 | HIGH | — | 0 |
| CVE-2025-68702 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68703 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password wil... | 7.5 | HIGH | — | 0 |
| CVE-2025-68704 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random(), which is not cryptographically secure, for timing attack mitigation. T... | 7.5 | HIGH | — | 0 |
| CVE-2025-14027 | Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, an... | N/A | NONE | — | 0 |
| CVE-2025-68925 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed i... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-68931 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and cipher... | 7.5 | HIGH | — | 0 |
| CVE-2026-22809 | tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the is... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-22817 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono's JWK/JWKS JWT verification middleware allowed the JWT header's alg value... | 8.2 | HIGH | — | 0 |
| CVE-2026-22818 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono's JWK/JWKS JWT verification middleware allowed the algorithm specified in... | 8.2 | HIGH | — | 0 |
| CVE-2026-0528 | Improper Validation of Array Index (CWE-129) in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloa... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14376 | A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been re... | N/A | NONE | — | 0 |
| CVE-2026-0530 | Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redu... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0531 | Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0543 | Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22862 | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down or crash using a specially crafted message. This vulnerability is fixed... | 7.5 | HIGH | — | 0 |
| CVE-2026-22868 | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down or crash using a specially crafted message. This vulnerability is fixed... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.