TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 15,811 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2026-32903

Rejected reason: This CVE ID has been rejected.

N/A | NONE | — | 0
CVE-2026-32904

Rejected reason: This CVE ID has been rejected.

N/A | NONE | — | 0
CVE-2026-32907

Rejected reason: This CVE ID has been rejected.

N/A | NONE | — | 0
CVE-2026-32908

Rejected reason: This CVE ID has been rejected.

N/A | NONE | — | 0
CVE-2026-32909

Rejected reason: This CVE ID has been rejected.

N/A | NONE | — | 0
CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat....

7.5 | HIGH | — | 0
CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly...

7.2 | HIGH | — | 0
CVE-2026-1914

The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk_newcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitizat...

6.4 | MEDIUM | — | 0
CVE-2026-4022

The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_type' shortcode attribute in the 'swiftpost-list' shortcode in all ...

6.4 | MEDIUM | — | 0
CVE-2026-4509

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black r...

6.3 | MEDIUM | — | 0
CVE-2019-25544

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can in...

6.2 | MEDIUM | — | 0
CVE-2019-25548

BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer o...

6.2 | MEDIUM | — | 0
CVE-2019-25549

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buff...

6.2 | MEDIUM | — | 0
CVE-2019-25550

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byt...

6.2 | MEDIUM | — | 0
CVE-2019-25552

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a la...

7.5 | HIGH | — | 0
CVE-2019-25557

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp fil...

6.2 | MEDIUM | — | 0
CVE-2019-25558

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can p...

6.2 | MEDIUM | — | 0
CVE-2019-25560

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an ove...

7.5 | HIGH | — | 0
CVE-2019-25561

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000...

6.2 | MEDIUM | — | 0
CVE-2026-2351

The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for authent...

6.5 | MEDIUM | — | 0
CVE-2019-25562

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field....

5.5 | MEDIUM | — | 0
CVE-2026-3003

The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagaro_code’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitiza...

7.2 | HIGH | — | 0
CVE-2019-25563

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability throug...

6.2 | MEDIUM | — | 0
CVE-2019-25564

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a b...

5.5 | MEDIUM | — | 0
CVE-2019-25566

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a mal...

6.2 | MEDIUM | — | 0
CVE-2026-28126

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sizam RH Frontend Publishing Pro allows Reflected XSS. This issue affects RH Frontend Publishing Pr...

7.1 | HIGH | — | 0
CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed...

8.8 | HIGH | — | 0
CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root o...

10.0 | CRITICAL | KEV | 0
CVE-2026-23269

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into...

N/A | NONE | — | 0
CVE-2024-42210

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an a...

7.6 | HIGH | — | 0
CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process susp...

6.5 | MEDIUM | — | 0
CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows a...

6.5 | MEDIUM | — | 0
CVE-2026-32034

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allow...

6.8 | MEDIUM | — | 0
CVE-2026-33368

Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic Webmail REST interface (/h/rest). The application fails to properly sanitize...

6.1 | MEDIUM | — | 0
CVE-2025-69256

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnera...

7.5 | HIGH | — | 0
CVE-2025-52636

HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially ...

1.8 | LOW | — | 0
CVE-2025-52642

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure de...

3.3 | LOW | — | 0
CVE-2026-30701

The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure mechanisms (in the form of Server Side Include) within multiple server-side web...

9.1 | CRITICAL | — | 0
CVE-2026-30702

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, al...

9.8 | CRITICAL | — | 0
CVE-2026-30703

A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input pr...

9.8 | CRITICAL | — | 0
CVE-2026-32812

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endp...

6.8 | MEDIUM | — | 0
CVE-2026-32813

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets a...

8.0 | HIGH | — | 0
CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handl...

7.5 | HIGH | — | 0
CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views ...

6.4 | MEDIUM | — | 0
CVE-2026-33038

WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfigura...

8.1 | HIGH | — | 0
CVE-2026-21992

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Servi...

9.8 | CRITICAL | — | 0
CVE-2026-33017

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withou...

N/A | NONE | — | 0
CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character refere...

7.5 | HIGH | — | 0
CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which i...

8.1 | HIGH | — | 0
CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.

5.4 | MEDIUM | — | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.