CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-5742 The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and imp... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5838 A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername cau... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5839 A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescript... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5840 A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5841 A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal.... | 7.3 | HIGH | β | 0 |
| CVE-2026-5842 A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5844 A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress... | 7.2 | HIGH | β | 0 |
| CVE-2026-5847 A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipula... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5848 A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5849 A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack m... | 7.3 | HIGH | β | 0 |
| CVE-2026-5850 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5851 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of th... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5852 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the arg... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5853 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5854 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34179 In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint}... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34538 Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with t... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34757 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from... | 5.1 | MEDIUM | β | 0 |
| CVE-2026-4112 Improper neutralization of special elements used in an SQL command (βSQL Injectionβ) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileg... | N/A | NONE | β | 0 |
| CVE-2026-4113 An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | N/A | NONE | β | 0 |
| CVE-2026-4116 Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | N/A | NONE | β | 0 |
| CVE-2026-5437 An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocate... | N/A | NONE | β | 0 |
| CVE-2026-5438 A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on ... | N/A | NONE | β | 0 |
| CVE-2026-5439 A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed siz... | N/A | NONE | β | 0 |
| CVE-2026-5440 A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value witho... | N/A | NONE | β | 0 |
| CVE-2026-5441 An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression forma... | N/A | NONE | β | 0 |
| CVE-2026-5442 A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US),... | N/A | NONE | β | 0 |
| CVE-2026-5443 A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values o... | N/A | NONE | β | 0 |
| CVE-2026-5444 A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned a... | N/A | NONE | β | 0 |
| CVE-2026-5445 An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel i... | N/A | NONE | β | 0 |
| CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include cer... | N/A | NONE | β | 0 |
| CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-deskt... | N/A | NONE | β | 0 |
| CVE-2025-70364 An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. | N/A | NONE | β | 0 |
| CVE-2025-70365 A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user c... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-33005 Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (meta... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33266 Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case ... | 7.5 | HIGH | β | 0 |
| CVE-2026-4878 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to ... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-5960 A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executin... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-30479 A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. | N/A | NONE | β | 0 |
| CVE-2026-39855 osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash comp... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39856 osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash com... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39942 Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this val... | 8.5 | HIGH | β | 0 |
| CVE-2026-39943 Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due t... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-39957 Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the owner... | N/A | NONE | β | 0 |
| CVE-2026-39958 oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) fr... | N/A | NONE | β | 0 |
| CVE-2026-39962 MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an un... | N/A | NONE | β | 0 |
| CVE-2026-39972 Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an a... | N/A | NONE | β | 0 |
| CVE-2026-39974 n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-S... | 8.5 | HIGH | β | 0 |
| CVE-2026-39976 Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets the JWT... | 7.1 | HIGH | β | 0 |
| CVE-2026-40046 Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly val... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.