CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-24748 Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed u... | 7.2 | HIGH | No | 0 |
| CVE-2026-24765 PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in ... | 7.8 | HIGH | No | 0 |
| CVE-2026-24783 soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate pro... | 7.5 | HIGH | No | 0 |
| CVE-2025-55292 Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by its NodeID, generated from the MAC address, rather than its public key. This ... | 8.2 | HIGH | No | 0 |
| CVE-2026-24134 StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Managemen... | 6.5 | MEDIUM | No | 0 |
| CVE-2026-24785 Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed... | 9.1 | CRITICAL | No | 0 |
| CVE-2025-40552 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected ... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-40553 SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the h... | 9.8 | CRITICAL | No | 0 |
| CVE-2026-1521 A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Perfo... | 5.3 | MEDIUM | No | 0 |
| CVE-2026-1536 A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are t... | 5.8 | MEDIUM | No | 0 |
| CVE-2026-1539 A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization head... | 5.8 | MEDIUM | No | 0 |
| CVE-2026-1522 A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executin... | 5.3 | MEDIUM | No | 0 |
| CVE-2026-22243 EGroupware is a web-based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in ... | 8.8 | HIGH | No | 0 |
| CVE-2022-40619 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticate... | 7.7 | HIGH | No | 0 |
| CVE-2022-40620 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. A... | 7.7 | HIGH | No | 0 |
| CVE-2026-0749 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS). This issue affects Drupal: from 7.X-1.0 thro... | 6.1 | MEDIUM | No | 0 |
| CVE-2026-0750 Improper Verification of Cryptographic Signature vulnerability in Drupal Commerce Paybox on Drupal 7.X allows Authentication Bypass. This issue affects Drupal Commerce Paybox: fr... | 7.5 | HIGH | No | 0 |
| CVE-2025-13981 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Artif... | 4.4 | MEDIUM | No | 0 |
| CVE-2025-13982 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross-Site Request Forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. | 8.1 | HIGH | No | 0 |
| CVE-2025-46691 Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabili... | 7.8 | HIGH | No | 0 |
| CVE-2026-24835 Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to complet... | 7.1 | HIGH | No | 0 |
| CVE-2026-24889 soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-15344 Tanium addressed a SQL injection vulnerability in Asset. | 6.3 | MEDIUM | No | 0 |
| CVE-2026-25067 SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-sup... | 5.3 | MEDIUM | No | 0 |
| CVE-2026-1586 A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of servi... | 5.3 | MEDIUM | No | 0 |
| CVE-2026-1587 A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulatio... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-7013 Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This issue affects Menu Panel: through 29012026. ... | 5.7 | MEDIUM | No | 0 |
| CVE-2025-7014 Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this ... | 5.7 | MEDIUM | No | 0 |
| CVE-2026-1616 The $uri$args concatenation in the nginx configuration file present in Open Security Issue Management (OSIM) prior to v2025.9.0 allows path traversal attacks via query parameters. | 7.5 | HIGH | No | 0 |
| CVE-2025-7713 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS. Th... | 7.5 | HIGH | No | 0 |
| CVE-2025-7714 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line ... | 7.5 | HIGH | No | 0 |
| CVE-2026-1760 A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive heade... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-62514 Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check f... | 8.3 | HIGH | No | 0 |
| CVE-2026-1597 A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session lead... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-15545 The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowin... | 6.8 | MEDIUM | No | 0 |
| CVE-2026-1598 A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information... | 3.5 | LOW | No | 0 |
| CVE-2026-1599 A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Chec... | 4.3 | MEDIUM | No | 0 |
| CVE-2024-26480 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. | 7.5 | HIGH | No | 0 |
| CVE-2026-1600 A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-t... | 4.3 | MEDIUM | No | 0 |
| CVE-2026-23896 immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privile... | 7.2 | HIGH | No | 0 |
| CVE-2026-24054 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image ... | 10.0 | CRITICAL | No | 0 |
| CVE-2026-24413 Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\i... | 5.5 | MEDIUM | No | 0 |
| CVE-2026-24414 The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permission... | 5.5 | MEDIUM | No | 0 |
| CVE-2025-13399 A weakness in the web interface's application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requi... | 8.8 | HIGH | No | 0 |
| CVE-2025-15541 Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limi... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-15542 Improper handling of exceptional conditions in VX800v v1.0 SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of servi... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-15543 Improper link resolution in the USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read-only access to system files... | 4.6 | MEDIUM | No | 0 |
| CVE-2025-15548 Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffi... | 6.5 | MEDIUM | No | 0 |
| CVE-2025-69749 Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code. | 6.1 | MEDIUM | No | 0 |
| CVE-2026-1457 An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buff... | 8.8 | HIGH | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.