CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-21918 A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS)... | 7.5 | HIGH | β | 0 |
| CVE-2026-21920 An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX... | 7.5 | HIGH | β | 0 |
| CVE-2026-21921 A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of... | 6.5 | MEDIUM | β | 0 |
| CVE-2011-10041 Uploadify WordPress plugin versions up to and including 1.0Β contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker... | N/A | NONE | β | 0 |
| CVE-2023-7334 Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted reques... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67822 A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass ... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-22863 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive ... | 7.5 | HIGH | β | 0 |
| CVE-2025-67823 A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scri... | 8.2 | HIGH | β | 0 |
| CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to v... | 7.5 | HIGH | β | 0 |
| CVE-2026-1008 A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML ... | 7.6 | HIGH | β | 0 |
| CVE-2026-1009 A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScr... | 9.0 | CRITICAL | β | 0 |
| CVE-2026-1010 A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can ... | 8.0 | HIGH | β | 0 |
| CVE-2026-22045 Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path c... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-22864 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned pathβs extension matched .... | 8.1 | HIGH | β | 0 |
| CVE-2020-36926 SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/fr... | 7.5 | HIGH | β | 0 |
| CVE-2020-36927 DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can explo... | 7.8 | HIGH | β | 0 |
| CVE-2020-36928 Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x... | 7.8 | HIGH | β | 0 |
| CVE-2020-36929 Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | β | 0 |
| CVE-2020-36930 SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | β | 0 |
| CVE-2025-47555 Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a... | 8.1 | HIGH | β | 0 |
| CVE-2021-47780 Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly con... | 7.8 | HIGH | β | 0 |
| CVE-2021-47783 Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the mu... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-47785 Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-47786 Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buff... | 7.5 | HIGH | β | 0 |
| CVE-2021-47787 TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path seg... | 7.8 | HIGH | β | 0 |
| CVE-2021-47788 WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language inst... | 8.8 | HIGH | β | 0 |
| CVE-2021-47805 Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | β | 0 |
| CVE-2021-47789 Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sendin... | 7.5 | HIGH | β | 0 |
| CVE-2021-47790 Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured servic... | 7.8 | HIGH | β | 0 |
| CVE-2021-47791 SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by ente... | 7.5 | HIGH | β | 0 |
| CVE-2021-47792 Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service pat... | 7.8 | HIGH | β | 0 |
| CVE-2021-47793 Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer... | 7.5 | HIGH | β | 0 |
| CVE-2021-47794 ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account ... | 8.8 | HIGH | β | 0 |
| CVE-2021-47806 Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unqu... | 7.8 | HIGH | β | 0 |
| CVE-2021-47807 Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | β | 0 |
| CVE-2021-47808 Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-47809 Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | β | 0 |
| CVE-2021-47810 WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted pa... | 7.8 | HIGH | β | 0 |
| CVE-2021-47811 Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the ord... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-62581 Delta Electronics DIAView has multiple vulnerabilities. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-47812 GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-47814 NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer i... | 7.5 | HIGH | β | 0 |
| CVE-2021-47815 Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated chara... | 7.5 | HIGH | β | 0 |
| CVE-2025-14231 Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14232 Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unre... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14233 Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unre... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62582 Delta Electronics DIAView has multiple vulnerabilities. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14234 Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsi... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14235 Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being u... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14236 Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.