TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 16,317 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2021-47822

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit th...

7.8 | HIGH | - | 0
CVE-2021-47823

Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path i...

7.8 | HIGH | - | 0
CVE-2021-47824

iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buff...

7.5 | HIGH | - | 0
CVE-2021-47825

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\P...

7.8 | HIGH | - | 0
CVE-2026-20960

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

8.0 | HIGH | - | 0
CVE-2021-47826

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the un...

7.8 | HIGH | - | 0
CVE-2021-47827

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerabili...

7.5 | HIGH | - | 0
CVE-2021-47828

BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem...

7.8 | HIGH | - | 0
CVE-2021-47829

DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the u...

7.8 | HIGH | - | 0
CVE-2021-47831

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeat...

7.5 | HIGH | - | 0
CVE-2021-47832

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate.

N/A | NONE | - | 0
CVE-2021-47833

WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquot...

7.8 | HIGH | - | 0
CVE-2021-47834

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact categor...

6.4 | MEDIUM | - | 0
CVE-2021-47835

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with emb...

7.2 | HIGH | - | 0
CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with em...

6.1 | MEDIUM | - | 0
CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with emb...

7.2 | HIGH | - | 0
CVE-2021-47838

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that e...

7.2 | HIGH | - | 0
CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded Ja...

7.2 | HIGH | - | 0
CVE-2021-47840

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files w...

7.2 | HIGH | - | 0
CVE-2021-47841

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious Ja...

6.1 | MEDIUM | - | 0
CVE-2021-47842

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded ...

7.2 | HIGH | - | 0
CVE-2021-47844

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded...

6.1 | MEDIUM | - | 0
CVE-2021-47845

Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit...

7.8 | HIGH | - | 0
CVE-2021-47847

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the...

7.8 | HIGH | - | 0
CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.

7.4 | HIGH | - | 0
CVE-2025-48647

In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no add...

7.8 | HIGH | - | 0
CVE-2025-61873

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

2.6 | LOW | - | 0
CVE-2025-62291

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially res...

8.1 | HIGH | - | 0
CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerabil...

8.0 | HIGH | - | 0
CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). Thi...

6.1 | MEDIUM | - | 0
CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/u...

N/A | NONE | - | 0
CVE-2025-69581

An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the ...

5.5 | MEDIUM | - | 0
CVE-2026-23645

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not saniti...

6.1 | MEDIUM | - | 0
CVE-2026-23722

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inse...

9.1 | CRITICAL | - | 0
CVE-2026-23723

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando paramet...

7.2 | HIGH | - | 0
CVE-2026-23724

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA ...

4.3 | MEDIUM | - | 0
CVE-2026-23725

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotan...

5.4 | MEDIUM | - | 0
CVE-2026-23726

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...

6.1 | MEDIUM | - | 0
CVE-2026-23727

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...

6.1 | MEDIUM | - | 0
CVE-2026-23728

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...

6.1 | MEDIUM | - | 0
CVE-2026-23729

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...

6.1 | MEDIUM | - | 0
CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlle...

5.8 | MEDIUM | - | 0
CVE-2026-23730

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...

6.1 | MEDIUM | - | 0
CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to...

4.3 | MEDIUM | - | 0
CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to creating reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, w...

N/A | NONE | - | 0
CVE-2026-23742

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua ...

8.8 | HIGH | - | 0
CVE-2019-25297

Poll, Survey & Quiz Maker Plugin by Opinion Stage WordPress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input...

N/A | NONE | - | 0
CVE-2026-23800

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.

10.0 | CRITICAL | - | 0
CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint.

6.1 | MEDIUM | - | 0
CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal ...

7.4 | HIGH | - | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.