CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-69559 code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69562 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69563 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69564 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate param... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0705 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354. | N/A | NONE | — | 0 |
| CVE-2026-1472 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1473 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1474 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1475 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1476 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1477 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1478 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1479 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1480 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1481 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1482 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1483 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-22039 Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall.... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-22258 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process... | 7.5 | HIGH | — | 0 |
| CVE-2026-22259 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can ... | 7.5 | HIGH | — | 0 |
| CVE-2026-23881 Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with... | 7.7 | HIGH | — | 0 |
| CVE-2025-33234 NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2026-22260 Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use def... | 7.5 | HIGH | — | 0 |
| CVE-2020-36974 Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit ... | 7.8 | HIGH | — | 0 |
| CVE-2020-36975 EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers ca... | 7.8 | HIGH | — | 0 |
| CVE-2020-36976 Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can explo... | 7.8 | HIGH | — | 0 |
| CVE-2020-36977 Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can ex... | 7.8 | HIGH | — | 0 |
| CVE-2020-36978 Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, a... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-36979 Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executable... | 7.8 | HIGH | — | 0 |
| CVE-2020-36980 SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit t... | 7.8 | HIGH | — | 0 |
| CVE-2020-36981 Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path ... | 7.8 | HIGH | — | 0 |
| CVE-2020-36982 Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit t... | 7.8 | HIGH | — | 0 |
| CVE-2020-36983 Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured serv... | 7.8 | HIGH | — | 0 |
| CVE-2026-0746 The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attac... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-22261 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Ve... | 3.7 | LOW | — | 0 |
| CVE-2026-22262 Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-22263 Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 pat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22264 Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts f... | 7.4 | HIGH | — | 0 |
| CVE-2026-23892 OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key e... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24116 Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembl... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24398 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-24881 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. ... | 8.1 | HIGH | — | 0 |
| CVE-2026-24882 In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. | 8.4 | HIGH | — | 0 |
| CVE-2026-24883 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). | 3.7 | LOW | — | 0 |
| CVE-2025-12810 Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change pa... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24472 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper hand... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24473 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclo... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24771 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-21589 An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1504 Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: ... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.