| {"text": "CVE-2026-23324: In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: etas_es58x: correctly anchor the urb in the read bulk callback\n\nWhen submitting an urb, that is using the anchor pattern, it needs to be\nanchored before submitting it otherwise it could be leaked if\nusb_kill_anchored_urbs() is called. This logic is correctly done\nelsewhere in the driver, except in the read bulk callback so do that\nhere also.", "spans": {"CVE_ID: CVE-2026-23324": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "FILEPATH: usb_kill_anchored_urbs()": [[294, 318]]}, "info": {"id": "nvd_2026_23324", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23325: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt7996_mac_write_txwi_80211 in order to avoid a possible oob access.", "spans": {"CVE_ID: CVE-2026-23325": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "VULNERABILITY: oob access": [[118, 128], [275, 285]], "FILEPATH: mt7996_mac_write_txwi_80211()": [[132, 161]]}, "info": {"id": "nvd_2026_23325", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23328: In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix NULL pointer dereference of mgmt_chann\n\nmgmt_chann may be set to NULL if the firmware returns an unexpected\nerror in aie2_send_mgmt_msg_wait(). This can later lead to a NULL\npointer dereference in aie2_hw_stop().\n\nFix this by introducing a dedicated helper to destroy mgmt_chann\nand by adding proper NULL checks before accessing it.", "spans": {"CVE_ID: CVE-2026-23328": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "VULNERABILITY: NULL pointer dereference": [[104, 128]], "FILEPATH: aie2_send_mgmt_msg_wait()": [[221, 246]], "VULNERABILITY: NULL\npointer dereference": [[273, 297]], "FILEPATH: aie2_hw_stop()": [[301, 315]]}, "info": {"id": "nvd_2026_23328", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23334: In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: handle short interrupt urb messages properly\n\nIf an interrupt urb is received that is not the correct length, properly\ndetect it and don't attempt to treat the data as valid.", "spans": {"CVE_ID: CVE-2026-23334": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]]}, "info": {"id": "nvd_2026_23334", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23335: In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.", "spans": {"CVE_ID: CVE-2026-23335": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "FILEPATH: irdma_create_user_ah()": [[122, 144]], "VULNERABILITY: memory leak": [[383, 394]], "FILEPATH: ib_respond_udata()": [[444, 462]]}, "info": {"id": "nvd_2026_23335", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23337: In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()\n\nIn pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns\ndirectly. This bypasses the cleanup logic and results in a memory leak of\nthe cfg buffer.\n\nFix this by jumping to the out label on failure, ensuring kfree(cfg) is\ncalled before returning.", "spans": {"CVE_ID: CVE-2026-23337": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "VULNERABILITY: memory leak": [[115, 126], [298, 309]], "FILEPATH: pinconf_generic_parse_dt_config()": [[130, 163], [168, 201]], "FILEPATH: parse_dt_cfg()": [[206, 220]]}, "info": {"id": "nvd_2026_23337", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23338: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings\n\nUserspace can either deliberately pass in the too small num_fences, or the\nrequired number can legitimately grow between the two calls to the userq\nwait ioctl. In both cases we do not want the emit the kernel warning\nbacktrace since nothing is wrong with the kernel and userspace will simply\nget an errno reported back. So lets simply drop the WARN_ONs.\n\n(cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)", "spans": {"CVE_ID: CVE-2026-23338": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "FILEPATH: /amdgpu/userq": [[88, 101]]}, "info": {"id": "nvd_2026_23338", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23341: In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix crash when destroying a suspended hardware context\n\nIf userspace issues an ioctl to destroy a hardware context that has\nalready been automatically suspended, the driver may crash because the\nmailbox channel pointer is NULL for the suspended context.\n\nFix this by checking the mailbox channel pointer in aie2_destroy_context()\nbefore accessing it.", "spans": {"CVE_ID: CVE-2026-23341": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "FILEPATH: aie2_destroy_context()": [[407, 429]]}, "info": {"id": "nvd_2026_23341", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23344: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix use-after-free on error path\n\nIn the error path of sev_tsm_init_locked(), the code dereferences 't'\nafter it has been freed with kfree(). The pr_err() statement attempts\nto access t->tio_en and t->tio_init_done after the memory has been\nreleased.\n\nMove the pr_err() call before kfree(t) to access the fields while the\nmemory is still valid.\n\nThis issue reported by Smatch static analyser", "spans": {"CVE_ID: CVE-2026-23344": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "VULNERABILITY: use-after-free": [[103, 117]], "FILEPATH: sev_tsm_init_locked()": [[154, 175]]}, "info": {"id": "nvd_2026_23344", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23347: In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: correctly anchor the urb in the read bulk callback\n\nWhen submitting an urb, that is using the anchor pattern, it needs to be\nanchored before submitting it otherwise it could be leaked if\nusb_kill_anchored_urbs() is called. This logic is correctly done\nelsewhere in the driver, except in the read bulk callback so do that\nhere also.", "spans": {"CVE_ID: CVE-2026-23347": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "FILEPATH: usb_kill_anchored_urbs()": [[290, 314]]}, "info": {"id": "nvd_2026_23347", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23349: In the Linux kernel, the following vulnerability has been resolved:\n\nHID: pidff: Fix condition effect bit clearing\n\nAs reported by MPDarkGuy on discord, NULL pointer dereferences were\nhappening because not all the conditional effects bits were cleared.\n\nProperly clear all conditional effect bits from ffbit", "spans": {"CVE_ID: CVE-2026-23349": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]], "VULNERABILITY: NULL pointer dereferences": [[169, 194]]}, "info": {"id": "nvd_2026_23349", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23358: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix error handling in slot reset\n\nIf the device has not recovered after slot reset is called, it goes to\nout label for error handling. There it could make decision based on\nuninitialized hive pointer and could result in accessing an uninitialized\nlist.\n\nInitialize the list and hive properly so that it handles the error\nsituation and also releases the reset domain lock which is acquired\nduring error_detected callback.\n\n(cherry picked from commit bb71362182e59caa227e4192da5a612b09349696)", "spans": {"CVE_ID: CVE-2026-23358": [[0, 14]], "SYSTEM: Linux kernel": [[23, 35]]}, "info": {"id": "nvd_2026_23358", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33989: Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue.", "spans": {"CVE_ID: CVE-2026-33989": [[0, 14]], "VULNERABILITY: Path Traversal": [[156, 170]]}, "info": {"id": "nvd_2026_33989", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4985: A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.", "spans": {"CVE_ID: CVE-2026-4985": [[0, 13]], "VULNERABILITY: integer overflow": [[242, 258]]}, "info": {"id": "nvd_2026_4985", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4988: A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.", "spans": {"CVE_ID: CVE-2026-4988": [[0, 13]], "FILEPATH: /smf_gy_cca_cb/smf_s6b": [[114, 136]], "VULNERABILITY: denial of service": [[203, 220]]}, "info": {"id": "nvd_2026_4988", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4990: A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-4990": [[0, 13]], "FILEPATH: /app/login": [[140, 150]], "VULNERABILITY: improper authorization": [[262, 284]]}, "info": {"id": "nvd_2026_4990", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33991: WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability.", "spans": {"CVE_ID: CVE-2026-33991": [[0, 14]], "FILEPATH: /socio/sistema/deletar_tag.php": [[106, 136]]}, "info": {"id": "nvd_2026_33991", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33992: pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive infrastructure data including droplet ID, network configuration, region, authentication keys, and SSH keys configured in user-data/cloud-init. Version 0.5.0b3.dev97 contains a patch.", "spans": {"CVE_ID: CVE-2026-33992": [[0, 14]], "VULNERABILITY: Server-Side Request Forgery": [[194, 221]], "VULNERABILITY: SSRF": [[223, 227]], "SYSTEM: SSH": [[504, 507]]}, "info": {"id": "nvd_2026_33992", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4991: A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible to be carried out remotely.", "spans": {"CVE_ID: CVE-2026-4991": [[0, 13]], "FILEPATH: /admin/enquiry": [[151, 165]]}, "info": {"id": "nvd_2026_4991", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4992: A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-4992": [[0, 13]], "FILEPATH: /openui/server.py": [[132, 149]]}, "info": {"id": "nvd_2026_4992", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1679: The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.", "spans": {"CVE_ID: CVE-2026-1679": [[0, 13]], "VULNERABILITY: CWE-120": [[198, 205]]}, "info": {"id": "nvd_2026_1679", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4987: The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass configured form payment-amount validation and create underpriced payment/subscription intents by setting form_id to 0.", "spans": {"CVE_ID: CVE-2026-4987": [[0, 13]], "SYSTEM: SureForms": [[19, 28]], "SYSTEM: WordPress": [[97, 106]], "VULNERABILITY: Payment Amount Bypass": [[124, 145]], "FILEPATH: create_payment_intent()": [[210, 233]]}, "info": {"id": "nvd_2026_4987", "source": "nvd_cve"}} |
| {"text": "CVE-2025-12886: The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", "spans": {"CVE_ID: CVE-2025-12886": [[0, 14]], "SYSTEM: WordPress": [[43, 52]], "VULNERABILITY: Server-Side Request Forgery": [[70, 97]]}, "info": {"id": "nvd_2025_12886", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15445: The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.", "spans": {"CVE_ID: CVE-2025-15445": [[0, 14]], "SYSTEM: WordPress": [[41, 50], [424, 433]]}, "info": {"id": "nvd_2025_15445", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1307: The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information.", "spans": {"CVE_ID: CVE-2026-1307": [[0, 13]], "SYSTEM: WordPress": [[89, 98]], "VULNERABILITY: Information Exposure": [[126, 146]]}, "info": {"id": "nvd_2026_1307", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4993: A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-4993": [[0, 13]], "FILEPATH: /openui/config.py.": [[133, 151]]}, "info": {"id": "nvd_2026_4993", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4994: A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-4994": [[0, 13]], "FILEPATH: /openui/server.py": [[147, 164]], "VULNERABILITY: information exposure": [[254, 274]]}, "info": {"id": "nvd_2026_4994", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4995: A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-4995": [[0, 13]], "FILEPATH: /public/annotator/index.html": [[152, 180]]}, "info": {"id": "nvd_2026_4995", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20037: xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.", "spans": {"CVE_ID: CVE-2016-20037": [[0, 14]], "VULNERABILITY: buffer overflow": [[66, 81]], "VULNERABILITY: denial of service": [[390, 407]]}, "info": {"id": "nvd_2016_20037", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20038: yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.", "spans": {"CVE_ID: CVE-2016-20038": [[0, 14]], "VULNERABILITY: buffer overflow": [[54, 69]]}, "info": {"id": "nvd_2016_20038", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20039: Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.", "spans": {"CVE_ID: CVE-2016-20039": [[0, 14]], "VULNERABILITY: buffer overflow": [[65, 80]]}, "info": {"id": "nvd_2016_20039", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20040: TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.", "spans": {"CVE_ID: CVE-2016-20040": [[0, 14]], "VULNERABILITY: buffer overflow": [[51, 66]]}, "info": {"id": "nvd_2016_20040", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20041: Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.", "spans": {"CVE_ID: CVE-2016-20041": [[0, 14]], "VULNERABILITY: buffer overflow": [[40, 55]]}, "info": {"id": "nvd_2016_20041", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20042: TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.", "spans": {"CVE_ID: CVE-2016-20042": [[0, 14]], "VULNERABILITY: buffer overflow": [[44, 59]]}, "info": {"id": "nvd_2016_20042", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20043: NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution.", "spans": {"CVE_ID: CVE-2016-20043": [[0, 14]], "VULNERABILITY: buffer overflow": [[57, 72]]}, "info": {"id": "nvd_2016_20043", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20044: PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.", "spans": {"CVE_ID: CVE-2016-20044": [[0, 14]], "VULNERABILITY: buffer overflow": [[49, 64]]}, "info": {"id": "nvd_2016_20044", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20045: HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.", "spans": {"CVE_ID: CVE-2016-20045": [[0, 14]], "VULNERABILITY: buffer overflow": [[57, 72]]}, "info": {"id": "nvd_2016_20045", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20046: zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.", "spans": {"CVE_ID: CVE-2016-20046": [[0, 14]], "VULNERABILITY: buffer overflow": [[58, 73]], "SYSTEM: FTP": [[122, 125]]}, "info": {"id": "nvd_2016_20046", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20047: EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.", "spans": {"CVE_ID: CVE-2016-20047": [[0, 14]], "VULNERABILITY: buffer overflow": [[61, 76]]}, "info": {"id": "nvd_2016_20047", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20048: iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.", "spans": {"CVE_ID: CVE-2016-20048": [[0, 14]], "VULNERABILITY: buffer overflow": [[52, 67]]}, "info": {"id": "nvd_2016_20048", "source": "nvd_cve"}} |
| {"text": "CVE-2016-20049: JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.", "spans": {"CVE_ID: CVE-2016-20049": [[0, 14]], "VULNERABILITY: buffer overflow": [[67, 82]]}, "info": {"id": "nvd_2016_20049", "source": "nvd_cve"}} |
| {"text": "CVE-2024-14034: Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.", "spans": {"CVE_ID: CVE-2024-14034": [[0, 14]], "VULNERABILITY: authentication bypass": [[78, 99]], "SYSTEM: HTTP": [[121, 125], [251, 255]], "VULNERABILITY: improper authentication": [[291, 314]]}, "info": {"id": "nvd_2024_14034", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34762: Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0.", "spans": {"CVE_ID: CVE-2026-34762": [[0, 14]], "FILEPATH: /api/v1/subscriber": [[102, 120]]}, "info": {"id": "nvd_2026_34762", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34833: Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has been patched in version 1.4.10.", "spans": {"CVE_ID: CVE-2026-34833": [[0, 14]], "FILEPATH: /api/auth/session": [[123, 140]]}, "info": {"id": "nvd_2026_34833", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34834: Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10.", "spans": {"CVE_ID: CVE-2026-34834": [[0, 14]], "FILEPATH: /api/settings": [[321, 334]]}, "info": {"id": "nvd_2026_34834", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34838: Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0.90, and 26.0.12.", "spans": {"CVE_ID: CVE-2026-34838": [[0, 14]], "VULNERABILITY: insecure deserialization": [[213, 237]], "VULNERABILITY: Arbitrary File Write": [[378, 398]], "VULNERABILITY: Remote Code Execution": [[420, 441]]}, "info": {"id": "nvd_2026_34838", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34840: OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first <Signature> element in the XML DOM using xml-crypto, while getEmail() always reads from assertion[0] via xml2js. An attacker can prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, resulting in authentication bypass. This issue has been patched in version 10.0.42.", "spans": {"CVE_ID: CVE-2026-34840": [[0, 14]], "SYSTEM: SAML": [[121, 125]], "FILEPATH: /FeatureSet/Identity/Utils/SSO.ts": [[149, 182]], "VULNERABILITY: authentication bypass": [[529, 550]]}, "info": {"id": "nvd_2026_34840", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34847: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in version 2026.3.0.", "spans": {"CVE_ID: CVE-2026-34847": [[0, 14]], "VULNERABILITY: open redirect": [[136, 149]]}, "info": {"id": "nvd_2026_34847", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34848: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team member overflow tooltip via display name. This issue has been patched in version 2026.3.0.", "spans": {"CVE_ID: CVE-2026-34848": [[0, 14]], "VULNERABILITY: stored XSS": [[110, 120]]}, "info": {"id": "nvd_2026_34848", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34931: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.", "spans": {"CVE_ID: CVE-2026-34931": [[0, 14]], "VULNERABILITY: open redirect": [[111, 124]]}, "info": {"id": "nvd_2026_34931", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34932: hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.", "spans": {"CVE_ID: CVE-2026-34932": [[0, 14]], "VULNERABILITY: stored XSS": [[110, 120]], "VULNERABILITY: CSRF": [[152, 156]]}, "info": {"id": "nvd_2026_34932", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35053: OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication middleware. An attacker who can obtain or guess a workflow ID can trigger arbitrary workflow execution with attacker-controlled input data, enabling JavaScript code execution, notification abuse, and data manipulation. This issue has been patched in version 10.0.42.", "spans": {"CVE_ID: CVE-2026-35053": [[0, 14]], "FILEPATH: /workflow/manual/run": [[182, 202], [224, 244]]}, "info": {"id": "nvd_2026_35053", "source": "nvd_cve"}} |
| {"text": "CVE-2024-14033: Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled.", "spans": {"CVE_ID: CVE-2024-14033": [[0, 14]], "VULNERABILITY: heap overflow": [[134, 147], [363, 376]]}, "info": {"id": "nvd_2024_14033", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15620: HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.", "spans": {"CVE_ID: CVE-2025-15620": [[0, 14]], "SYSTEM: HTTP": [[229, 233], [341, 345]]}, "info": {"id": "nvd_2025_15620", "source": "nvd_cve"}} |
| {"text": "CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.", "spans": {"CVE_ID: CVE-2026-30251": [[0, 14]], "VULNERABILITY: reflected cross-site scripting": [[18, 48]]}, "info": {"id": "nvd_2026_30251", "source": "nvd_cve"}} |
| {"text": "CVE-2026-30252: Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters.", "spans": {"CVE_ID: CVE-2026-30252": [[0, 14]], "VULNERABILITY: reflected cross-site scripting": [[25, 55]]}, "info": {"id": "nvd_2026_30252", "source": "nvd_cve"}} |
| {"text": "CVE-2026-26135: Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.", "spans": {"CVE_ID: CVE-2026-26135": [[0, 14]], "VULNERABILITY: Server-side request forgery": [[16, 43]], "VULNERABILITY: ssrf": [[45, 49]]}, "info": {"id": "nvd_2026_26135", "source": "nvd_cve"}} |
| {"text": "CVE-2026-32173: Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.", "spans": {"CVE_ID: CVE-2026-32173": [[0, 14]], "VULNERABILITY: Improper authentication": [[16, 39]]}, "info": {"id": "nvd_2026_32173", "source": "nvd_cve"}} |
| {"text": "CVE-2026-32213: Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.", "spans": {"CVE_ID: CVE-2026-32213": [[0, 14]], "VULNERABILITY: Improper authorization": [[16, 38]]}, "info": {"id": "nvd_2026_32213", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33105: Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.", "spans": {"CVE_ID: CVE-2026-33105": [[0, 14]], "VULNERABILITY: Improper authorization": [[16, 38]], "ORGANIZATION: Microsoft": [[42, 51]], "SYSTEM: Kubernetes": [[58, 68]]}, "info": {"id": "nvd_2026_33105", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33107: Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.", "spans": {"CVE_ID: CVE-2026-33107": [[0, 14]], "VULNERABILITY: Server-side request forgery": [[16, 43]], "VULNERABILITY: ssrf": [[45, 49]]}, "info": {"id": "nvd_2026_33107", "source": "nvd_cve"}} |
| {"text": "CVE-2026-28815: A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.", "spans": {"CVE_ID: CVE-2026-28815": [[0, 14]], "VULNERABILITY: out-of-bounds read": [[97, 115]]}, "info": {"id": "nvd_2026_28815", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35535: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.", "spans": {"CVE_ID: CVE-2026-35535": [[0, 14]], "VULNERABILITY: privilege escalation": [[195, 215]]}, "info": {"id": "nvd_2026_35535", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35537: An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.", "spans": {"CVE_ID: CVE-2026-35537": [[0, 14]], "VULNERABILITY: deserialization": [[94, 109]], "VULNERABILITY: arbitrary file write": [[160, 180]]}, "info": {"id": "nvd_2026_35537", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5452: A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key\r . The attack can only be executed locally. The exploit has been published and may be used.", "spans": {"CVE_ID: CVE-2026-5452": [[0, 13]], "SYSTEM: Android": [[78, 85]]}, "info": {"id": "nvd_2026_5452", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35538: An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.", "spans": {"CVE_ID: CVE-2026-35538": [[0, 14]], "VULNERABILITY: CSRF": [[161, 165]]}, "info": {"id": "nvd_2026_35538", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35540: An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.", "spans": {"CVE_ID: CVE-2026-35540": [[0, 14]], "VULNERABILITY: SSRF": [[173, 177]], "VULNERABILITY: Information Disclosure": [[181, 203]]}, "info": {"id": "nvd_2026_35540", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3311: The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2026-3311": [[0, 13]], "SYSTEM: WordPress": [[132, 141]], "VULNERABILITY: Stored Cross-Site Scripting": [[159, 186]]}, "info": {"id": "nvd_2026_3311", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids.\n\nThe session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.\n\nNote that Ado is no longer maintained, and has been removed from the CPAN index. It is still available on BackPAN.", "spans": {"CVE_ID: CVE-2026-5083": [[0, 13]], "SYSTEM: HTTP": [[320, 324]]}, "info": {"id": "nvd_2026_5083", "source": "nvd_cve"}} |
| {"text": "CVE-2025-1794: The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2025-1794": [[0, 13]], "SYSTEM: WordPress": [[46, 55]], "VULNERABILITY: Stored Cross-Site Scripting": [[73, 100]]}, "info": {"id": "nvd_2025_1794", "source": "nvd_cve"}} |
| {"text": "CVE-2026-2838: The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowhole_success_msg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "spans": {"CVE_ID: CVE-2026-2838": [[0, 13]], "SYSTEM: WordPress": [[65, 74]], "VULNERABILITY: Stored Cross-Site Scripting": [[92, 119]]}, "info": {"id": "nvd_2026_2838", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3142: The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_var' parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2026-3142": [[0, 13]], "ORGANIZATION: Meta": [[60, 64]], "SYSTEM: WordPress": [[80, 89]], "VULNERABILITY: Stored Cross-Site Scripting": [[107, 134]]}, "info": {"id": "nvd_2026_3142", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3781: The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "spans": {"CVE_ID: CVE-2026-3781": [[0, 13]], "SYSTEM: WordPress": [[49, 58]], "VULNERABILITY: SQL Injection": [[76, 89]]}, "info": {"id": "nvd_2026_3781", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4338: The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts", "spans": {"CVE_ID: CVE-2026-4338": [[0, 13]], "SYSTEM: WordPress": [[31, 40]], "FILEPATH: /scheduled/pending": [[155, 173]]}, "info": {"id": "nvd_2026_4338", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4808: The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "spans": {"CVE_ID: CVE-2026-4808": [[0, 13]], "SYSTEM: WordPress": [[64, 73]], "VULNERABILITY: arbitrary file uploads": [[91, 113]], "VULNERABILITY: remote code execution": [[396, 417]]}, "info": {"id": "nvd_2026_4808", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4871: The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the `scm_member_data` shortcode in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2026-4871": [[0, 13]], "SYSTEM: WordPress": [[53, 62]], "VULNERABILITY: Stored Cross-Site Scripting": [[80, 107]]}, "info": {"id": "nvd_2026_4871", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5506: The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2026-5506": [[0, 13]], "SYSTEM: WordPress": [[35, 44]], "VULNERABILITY: Stored Cross-Site Scripting": [[62, 89]]}, "info": {"id": "nvd_2026_5506", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5508: The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2026-5508": [[0, 13]], "SYSTEM: WordPress": [[39, 48]], "VULNERABILITY: Stored Cross-Site Scripting": [[66, 93]]}, "info": {"id": "nvd_2026_5508", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4330: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to the current user before performing UPDATE and DELETE operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify, reschedule, or delete other users' scheduled social media posts.", "spans": {"CVE_ID: CVE-2026-4330": [[0, 13]], "SYSTEM: WordPress": [[78, 87]], "VULNERABILITY: authorization bypass": [[105, 125]]}, "info": {"id": "nvd_2026_4330", "source": "nvd_cve"}} |
| {"text": "CVE-2026-4654: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_ticket_replies_ajax() function failing to verify whether the authenticated user has permission to view the specific ticket being requested. This makes it possible for authenticated attackers, with subscriber-level access and above, to access sensitive information from all support tickets in the system by manipulating the ticket_id parameter.", "spans": {"CVE_ID: CVE-2026-4654": [[0, 13]], "SYSTEM: WordPress": [[37, 46], [84, 93]], "VULNERABILITY: Insecure Direct Object Reference": [[111, 143]], "FILEPATH: wpas_get_ticket_replies_ajax()": [[204, 234]]}, "info": {"id": "nvd_2026_4654", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1396: The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2026-1396": [[0, 13]], "SYSTEM: WordPress": [[67, 76]], "VULNERABILITY: Stored Cross-Site Scripting": [[94, 121]]}, "info": {"id": "nvd_2026_1396", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25776: Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.", "spans": {"CVE_ID: CVE-2026-25776": [[0, 14]], "VULNERABILITY: code injection": [[67, 81]]}, "info": {"id": "nvd_2026_25776", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33088: Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.", "spans": {"CVE_ID: CVE-2026-33088": [[0, 14]], "VULNERABILITY: SQL Injection": [[68, 81]]}, "info": {"id": "nvd_2026_33088", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39464: Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.", "spans": {"CVE_ID: CVE-2026-39464": [[0, 14]], "VULNERABILITY: Server-Side Request Forgery": [[16, 43]], "VULNERABILITY: SSRF": [[45, 49]]}, "info": {"id": "nvd_2026_39464", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39466: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7.", "spans": {"CVE_ID: CVE-2026-39466": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: SQL Injection": [[85, 98], [217, 230]], "SYSTEM: WordPress": [[145, 154]]}, "info": {"id": "nvd_2026_39466", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39475: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.", "spans": {"CVE_ID: CVE-2026-39475": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: SQL Injection": [[85, 98], [175, 188]]}, "info": {"id": "nvd_2026_39475", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39476: Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.", "spans": {"CVE_ID: CVE-2026-39476": [[0, 14]], "VULNERABILITY: Missing Authorization": [[16, 37]]}, "info": {"id": "nvd_2026_39476", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39477: Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3.", "spans": {"CVE_ID: CVE-2026-39477": [[0, 14]], "VULNERABILITY: Missing Authorization": [[16, 37]]}, "info": {"id": "nvd_2026_39477", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39479: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through <= 1.1.20.", "spans": {"CVE_ID: CVE-2026-39479": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: SQL Injection": [[85, 98], [169, 182]]}, "info": {"id": "nvd_2026_39479", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39482: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator: from n/a through <= 4.9.4.", "spans": {"CVE_ID: CVE-2026-39482": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: Cross-site Scripting": [[78, 98]]}, "info": {"id": "nvd_2026_39482", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39483: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.", "spans": {"CVE_ID: CVE-2026-39483": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: Cross-site Scripting": [[78, 98]], "VULNERABILITY: Stored XSS": [[201, 211]]}, "info": {"id": "nvd_2026_39483", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39484: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.", "spans": {"CVE_ID: CVE-2026-39484": [[0, 14]], "VULNERABILITY: URL Redirect": [[16, 28]], "VULNERABILITY: Open Redirect": [[52, 65]]}, "info": {"id": "nvd_2026_39484", "source": "nvd_cve"}} |
| {"text": "CVE-2026-39485: Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4.", "spans": {"CVE_ID: CVE-2026-39485": [[0, 14]], "VULNERABILITY: Missing Authorization": [[16, 37]]}, "info": {"id": "nvd_2026_39485", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6121: A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.", "spans": {"CVE_ID: CVE-2026-6121": [[0, 13]], "FILEPATH: /goform/WrlclientSet": [[132, 152]], "VULNERABILITY: buffer overflow": [[233, 248]]}, "info": {"id": "nvd_2026_6121", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6122: A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", "spans": {"CVE_ID: CVE-2026-6122": [[0, 13]], "FILEPATH: /goform/L7Prot": [[134, 148]], "VULNERABILITY: buffer overflow": [[233, 248]]}, "info": {"id": "nvd_2026_6122", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6123: A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.", "spans": {"CVE_ID: CVE-2026-6123": [[0, 13]], "FILEPATH: /goform/addressNat": [[117, 135]], "VULNERABILITY: buffer overflow": [[232, 247]]}, "info": {"id": "nvd_2026_6123", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6124: A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.", "spans": {"CVE_ID: CVE-2026-6124": [[0, 13]], "FILEPATH: /goform/SafeMacFilter": [[139, 160]], "VULNERABILITY: buffer overflow": [[268, 283]]}, "info": {"id": "nvd_2026_6124", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6125: A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.", "spans": {"CVE_ID: CVE-2026-6125": [[0, 13]], "FILEPATH: /warm-flow/save-json": [[149, 169]], "FILEPATH: /skipCondition/permissionFlag": [[261, 290]], "VULNERABILITY: code injection": [[302, 316]]}, "info": {"id": "nvd_2026_6125", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6126: A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", "spans": {"CVE_ID: CVE-2026-6126": [[0, 13]], "SYSTEM: HTTP": [[168, 172]]}, "info": {"id": "nvd_2026_6126", "source": "nvd_cve"}} |
| {"text": "CVE-2017-20239: MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.", "spans": {"CVE_ID: CVE-2017-20239": [[0, 14]], "VULNERABILITY: cross-site scripting": [[34, 54]]}, "info": {"id": "nvd_2017_20239", "source": "nvd_cve"}} |
| {"text": "CVE-2018-25257: Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.", "spans": {"CVE_ID: CVE-2018-25257": [[0, 14]], "VULNERABILITY: SQL injection": [[62, 75]]}, "info": {"id": "nvd_2018_25257", "source": "nvd_cve"}} |
| {"text": "CVE-2018-25258: RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.", "spans": {"CVE_ID: CVE-2018-25258": [[0, 14]], "VULNERABILITY: buffer overflow": [[44, 59], [310, 325]], "VULNERABILITY: arbitrary code execution": [[388, 412]]}, "info": {"id": "nvd_2018_25258", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25689: HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.", "spans": {"CVE_ID: CVE-2019-25689": [[0, 14]], "VULNERABILITY: buffer overflow": [[58, 73]]}, "info": {"id": "nvd_2019_25689", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25691: Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.", "spans": {"CVE_ID: CVE-2019-25691": [[0, 14]], "VULNERABILITY: buffer overflow": [[62, 77], [325, 340]]}, "info": {"id": "nvd_2019_25691", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25693: ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.", "spans": {"CVE_ID: CVE-2019-25693": [[0, 14]], "VULNERABILITY: SQL injection": [[46, 59]]}, "info": {"id": "nvd_2019_25693", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25695: R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.", "spans": {"CVE_ID: CVE-2019-25695": [[0, 14]], "VULNERABILITY: buffer overflow": [[41, 56]]}, "info": {"id": "nvd_2019_25695", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25697: CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.", "spans": {"CVE_ID: CVE-2019-25697": [[0, 14]], "VULNERABILITY: SQL injection": [[40, 53]]}, "info": {"id": "nvd_2019_25697", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25699: Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.", "spans": {"CVE_ID: CVE-2019-25699": [[0, 14]], "VULNERABILITY: SQL injection": [[62, 75]], "FILEPATH: /admin/comment/records": [[337, 359]], "FILEPATH: /admin/category/records": [[361, 384]], "FILEPATH: /admin/news/records": [[386, 405]], "FILEPATH: /admin/menu/childs": [[411, 429]]}, "info": {"id": "nvd_2019_25699", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25701: Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.", "spans": {"CVE_ID: CVE-2019-25701": [[0, 14]], "VULNERABILITY: buffer overflow": [[69, 84]]}, "info": {"id": "nvd_2019_25701", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25703: ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.", "spans": {"CVE_ID: CVE-2019-25703": [[0, 14]], "VULNERABILITY: SQL injection": [[62, 75]]}, "info": {"id": "nvd_2019_25703", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25705: Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.", "spans": {"CVE_ID: CVE-2019-25705": [[0, 14]], "VULNERABILITY: buffer overflow": [[49, 64]]}, "info": {"id": "nvd_2019_25705", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25707: eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.", "spans": {"CVE_ID: CVE-2019-25707": [[0, 14]], "VULNERABILITY: SQL injection": [[45, 58]]}, "info": {"id": "nvd_2019_25707", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25708: Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.", "spans": {"CVE_ID: CVE-2019-25708": [[0, 14]], "VULNERABILITY: cross-site request forgery": [[57, 83]]}, "info": {"id": "nvd_2019_25708", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25710: Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.", "spans": {"CVE_ID: CVE-2019-25710": [[0, 14]], "VULNERABILITY: SQL injection": [[51, 64], [322, 335]]}, "info": {"id": "nvd_2019_25710", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25711: SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.", "spans": {"CVE_ID: CVE-2019-25711": [[0, 14]], "VULNERABILITY: denial of service": [[58, 75]]}, "info": {"id": "nvd_2019_25711", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25712: BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.", "spans": {"CVE_ID: CVE-2019-25712": [[0, 14]], "VULNERABILITY: buffer overflow": [[47, 62]], "VULNERABILITY: denial of service": [[222, 239]]}, "info": {"id": "nvd_2019_25712", "source": "nvd_cve"}} |
| {"text": "CVE-2019-25713: MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.", "spans": {"CVE_ID: CVE-2019-25713": [[0, 14]], "VULNERABILITY: SQL injection": [[41, 54]], "FILEPATH: /charge/admin": [[259, 272]]}, "info": {"id": "nvd_2019_25713", "source": "nvd_cve"}} |
| {"text": "CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.", "spans": {"CVE_ID: CVE-2026-40385": [[0, 14]], "VULNERABILITY: integer overflow": [[61, 77]], "VULNERABILITY: information leak": [[159, 175]]}, "info": {"id": "nvd_2026_40385", "source": "nvd_cve"}} |
| {"text": "CVE-2026-40394: Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a \"workspace overflow\" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.", "spans": {"CVE_ID: CVE-2026-40394": [[0, 14]], "VULNERABILITY: denial of service": [[115, 132]], "SYSTEM: HTTP": [[204, 208], [245, 249], [292, 296]]}, "info": {"id": "nvd_2026_40394", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6130: A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", "spans": {"CVE_ID: CVE-2026-6130": [[0, 13]], "FILEPATH: /main/mcp/ipc-stdio-transport.ts": [[134, 166]], "VULNERABILITY: command injection": [[298, 315]]}, "info": {"id": "nvd_2026_6130", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6131: A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.", "spans": {"CVE_ID: CVE-2026-6131": [[0, 13]], "FILEPATH: /cgi-bin/cstecgi.cgi": [[159, 179]], "VULNERABILITY: command injection": [[265, 282]]}, "info": {"id": "nvd_2026_6131", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6132: A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.", "spans": {"CVE_ID: CVE-2026-6132": [[0, 13]], "FILEPATH: /cgi-bin/cstecgi.cgi": [[149, 169]], "VULNERABILITY: command injection": [[251, 268]]}, "info": {"id": "nvd_2026_6132", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6133: A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.", "spans": {"CVE_ID: CVE-2026-6133": [[0, 13]], "FILEPATH: /goform/SafeUrlFilter.": [[136, 158]], "VULNERABILITY: buffer overflow": [[219, 234]]}, "info": {"id": "nvd_2026_6133", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6134: A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.", "spans": {"CVE_ID: CVE-2026-6134": [[0, 13]], "FILEPATH: /goform/qossetting.": [[152, 171]], "VULNERABILITY: buffer overflow": [[241, 256]]}, "info": {"id": "nvd_2026_6134", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6135: A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.", "spans": {"CVE_ID: CVE-2026-6135": [[0, 13]], "FILEPATH: /goform/SetIpBind.": [[138, 156]], "VULNERABILITY: buffer overflow": [[227, 242]]}, "info": {"id": "nvd_2026_6135", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6136: A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.", "spans": {"CVE_ID: CVE-2026-6136": [[0, 13]], "FILEPATH: /goform/L7Im.": [[141, 154]], "VULNERABILITY: buffer overflow": [[214, 229]]}, "info": {"id": "nvd_2026_6136", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5052: Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.", "spans": {"CVE_ID: CVE-2026-5052": [[0, 13]], "VULNERABILITY: information disclosure": [[222, 244]]}, "info": {"id": "nvd_2026_5052", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6080: The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb->prepare(). This makes it possible for authenticated attackers with Admin-level access and above to append additional SQL queries and extract sensitive information from the database.", "spans": {"CVE_ID: CVE-2026-6080": [[0, 13]], "SYSTEM: WordPress": [[40, 49]], "VULNERABILITY: SQL Injection": [[67, 80]]}, "info": {"id": "nvd_2026_6080", "source": "nvd_cve"}} |
| {"text": "CVE-2026-21719: An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.", "spans": {"CVE_ID: CVE-2026-21719": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]]}, "info": {"id": "nvd_2026_21719", "source": "nvd_cve"}} |
| {"text": "CVE-2026-34018: An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.", "spans": {"CVE_ID: CVE-2026-34018": [[0, 14]], "VULNERABILITY: SQL injection": [[19, 32]]}, "info": {"id": "nvd_2026_34018", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35496: A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.", "spans": {"CVE_ID: CVE-2026-35496": [[0, 14]], "VULNERABILITY: path traversal": [[18, 32]]}, "info": {"id": "nvd_2026_35496", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6482: The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.", "spans": {"CVE_ID: CVE-2026-6482": [[0, 13]], "VULNERABILITY: privilege escalation": [[86, 106]], "SYSTEM: Windows": [[166, 173]], "SYSTEM: OpenSSL": [[231, 238]], "VULNERABILITY: arbitrary commands": [[427, 445]]}, "info": {"id": "nvd_2026_6482", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6443: All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.", "spans": {"CVE_ID: CVE-2026-6443": [[0, 13]], "SYSTEM: WordPress": [[50, 59]]}, "info": {"id": "nvd_2026_6443", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23853: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.", "spans": {"CVE_ID: CVE-2026-23853": [[0, 14]], "VULNERABILITY: unauthorized access": [[392, 411]]}, "info": {"id": "nvd_2026_23853", "source": "nvd_cve"}} |
| {"text": "CVE-2026-33392: In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass", "spans": {"CVE_ID: CVE-2026-33392": [[0, 14]], "ORGANIZATION: JetBrains": [[19, 28]]}, "info": {"id": "nvd_2026_33392", "source": "nvd_cve"}} |
| {"text": "CVE-2025-36568: Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.", "spans": {"CVE_ID: CVE-2025-36568": [[0, 14]], "VULNERABILITY: credential exposure": [[381, 400]]}, "info": {"id": "nvd_2025_36568", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23775: Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.", "spans": {"CVE_ID: CVE-2026-23775": [[0, 14]], "VULNERABILITY: credential exposure": [[370, 389]]}, "info": {"id": "nvd_2026_23775", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23778: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.", "spans": {"CVE_ID: CVE-2026-23778": [[0, 14]], "VULNERABILITY: command injection": [[250, 267]]}, "info": {"id": "nvd_2026_23778", "source": "nvd_cve"}} |
| {"text": "CVE-2026-23779: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain root-level access.", "spans": {"CVE_ID: CVE-2026-23779": [[0, 14]], "VULNERABILITY: command injection": [[250, 267]]}, "info": {"id": "nvd_2026_23779", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35072: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "spans": {"CVE_ID: CVE-2026-35072": [[0, 14]], "VULNERABILITY: improper neutralization": [[195, 218]], "VULNERABILITY: command injection": [[266, 283]], "VULNERABILITY: arbitrary command": [[403, 420]]}, "info": {"id": "nvd_2026_35072", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35073: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "spans": {"CVE_ID: CVE-2026-35073": [[0, 14]], "VULNERABILITY: improper neutralization": [[195, 218]], "VULNERABILITY: command injection": [[253, 270]], "VULNERABILITY: arbitrary command": [[388, 405]]}, "info": {"id": "nvd_2026_35073", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35074: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "spans": {"CVE_ID: CVE-2026-35074": [[0, 14]], "VULNERABILITY: improper neutralization": [[195, 218]], "VULNERABILITY: Command Injection": [[253, 270]], "VULNERABILITY: arbitrary command": [[388, 405]]}, "info": {"id": "nvd_2026_35074", "source": "nvd_cve"}} |
| {"text": "CVE-2026-35153: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "spans": {"CVE_ID: CVE-2026-35153": [[0, 14]], "VULNERABILITY: improper neutralization": [[195, 218]], "VULNERABILITY: arbitrary command": [[395, 412]]}, "info": {"id": "nvd_2026_35153", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5131: GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named pipe with the privileges of the user under whose context the service is running. This allows for Server-Side Request Forgery to any Windows system on which the agent is installed and which provides communication via SMB or WebDav.\n\nThis issue was fixed in version 2.8.33.", "spans": {"CVE_ID: CVE-2026-5131": [[0, 13]], "VULNERABILITY: Server-Side Request Forgery": [[411, 438]], "SYSTEM: Windows": [[446, 453]]}, "info": {"id": "nvd_2026_5131", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6483: A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.", "spans": {"CVE_ID: CVE-2026-6483": [[0, 13]], "FILEPATH: /cgi-bin/internet.cgi.": [[141, 163]], "VULNERABILITY: command injection": [[195, 212]]}, "info": {"id": "nvd_2026_6483", "source": "nvd_cve"}} |
| {"text": "CVE-2025-46605: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.", "spans": {"CVE_ID: CVE-2025-46605": [[0, 14]], "VULNERABILITY: session fixation": [[142, 158]], "VULNERABILITY: unauthorized access": [[277, 296]]}, "info": {"id": "nvd_2025_46605", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1949: Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.", "spans": {"CVE_ID: CVE-2026-1949": [[0, 13]], "SYSTEM: Delta Electronics AS320T": [[15, 39]]}, "info": {"id": "nvd_2026_1949", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5428: The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in widget rendering functions through version 1.7.1056, exploitable by authenticated authors and above.", "spans": {"CVE_ID: CVE-2026-5428": [[0, 13]], "SYSTEM: Royal Elementor Addons": [[19, 41]], "SYSTEM: WordPress": [[53, 62]], "VULNERABILITY: Stored Cross-Site Scripting": [[80, 107]]}, "info": {"id": "nvd_2026_5428", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6810: The Booking Calendar Contact Form plugin for WordPress through version 1.2.63 allows authenticated subscribers to hijack other users' calendars through missing validation on user-controlled keys.", "spans": {"CVE_ID: CVE-2026-6810": [[0, 13]], "SYSTEM: Booking Calendar Contact Form": [[19, 48]], "SYSTEM: WordPress": [[60, 69]], "VULNERABILITY: missing validation": [[167, 185]]}, "info": {"id": "nvd_2026_6810", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5347: WP Books Gallery plugin for WordPress through version 4.8.0 lacks proper authorization checks, enabling unauthenticated modification of custom post type slugs affecting site structure.", "spans": {"CVE_ID: CVE-2026-5347": [[0, 13]], "SYSTEM: WP Books Gallery": [[15, 31]], "SYSTEM: WordPress": [[43, 52]]}, "info": {"id": "nvd_2026_5347", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5364: Drag and Drop File Upload for Contact Form 7 plugin for WordPress up to version 1.1.3 permits unauthenticated arbitrary file uploads through sanitization bypass using special characters.", "spans": {"CVE_ID: CVE-2026-5364": [[0, 13]], "SYSTEM: Contact Form 7": [[45, 59]], "SYSTEM: WordPress": [[71, 80]], "VULNERABILITY: arbitrary file uploads": [[125, 147]], "VULNERABILITY: sanitization bypass": [[156, 175]]}, "info": {"id": "nvd_2026_5364", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6947: D-Link DWM-222W USB adapter contains a brute-force protection bypass vulnerability, enabling adjacent network attackers to bypass login attempt restrictions.", "spans": {"CVE_ID: CVE-2026-6947": [[0, 13]], "SYSTEM: D-Link DWM-222W": [[15, 30]], "VULNERABILITY: brute-force protection bypass": [[54, 83]]}, "info": {"id": "nvd_2026_6947", "source": "nvd_cve"}} |
| {"text": "CVE-2026-6393: The BetterDocs plugin for WordPress through version 4.3.11 lacks capability checks in AI content generation, permitting subscribers to trigger unauthorized OpenAI API calls.", "spans": {"CVE_ID: CVE-2026-6393": [[0, 13]], "SYSTEM: BetterDocs": [[19, 29]], "SYSTEM: WordPress": [[41, 50]], "SYSTEM: OpenAI API": [[171, 181]]}, "info": {"id": "nvd_2026_6393", "source": "nvd_cve"}} |
| {"text": "CVE-2026-5488: ExactMetrics plugin for WordPress through version 9.1.2 has authorization gaps in AJAX handlers, allowing subscribers to retrieve Google Ads tokens and modify integration settings.", "spans": {"CVE_ID: CVE-2026-5488": [[0, 13]], "SYSTEM: ExactMetrics": [[15, 27]], "SYSTEM: WordPress": [[39, 48]], "VULNERABILITY: authorization gaps": [[75, 93]], "SYSTEM: Google Ads": [[145, 155]]}, "info": {"id": "nvd_2026_5488", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41485: Kyverno's forEach mutation handler contains an unchecked type assertion that causes controller crashes and admission blocks for policy creators.", "spans": {"CVE_ID: CVE-2026-41485": [[0, 14]], "SYSTEM: Kyverno": [[16, 23]], "VULNERABILITY: type assertion": [[73, 87]]}, "info": {"id": "nvd_2026_41485", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41430: The Press application login redirect parameter accepts unvalidated URLs, enabling reflected cross-site scripting attacks through unsanitized user input.", "spans": {"CVE_ID: CVE-2026-41430": [[0, 14]], "VULNERABILITY: reflected cross-site scripting": [[98, 128]]}, "info": {"id": "nvd_2026_41430", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41324: basic-ftp versions before 5.3.0 experience denial of service through unbounded memory consumption when processing malicious FTP directory listings.", "spans": {"CVE_ID: CVE-2026-41324": [[0, 14]], "SYSTEM: basic-ftp": [[16, 25]], "VULNERABILITY: denial of service": [[59, 76]], "VULNERABILITY: unbounded memory consumption": [[85, 113]], "SYSTEM: FTP": [[140, 143]]}, "info": {"id": "nvd_2026_41324", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41323: Kyverno's apiCall feature automatically attaches ServiceAccount tokens to unvalidated external requests, risking token theft and cluster compromise.", "spans": {"CVE_ID: CVE-2026-41323": [[0, 14]], "SYSTEM: Kyverno": [[16, 23]], "SYSTEM: ServiceAccount": [[65, 79]], "VULNERABILITY: token theft": [[129, 140]]}, "info": {"id": "nvd_2026_41323", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41319: MailKit before version 4.16.0 fails to flush stream buffers during STARTTLS negotiation, permitting SASL mechanism downgrade attacks via response injection.", "spans": {"CVE_ID: CVE-2026-41319": [[0, 14]], "SYSTEM: MailKit": [[16, 23]], "SYSTEM: STARTTLS": [[83, 91]], "VULNERABILITY: SASL mechanism downgrade": [[116, 140]], "VULNERABILITY: response injection": [[153, 171]]}, "info": {"id": "nvd_2026_41319", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41318: AnythingLLM's Chartable component renders unsanitized LLM-generated captions, enabling stored DOM-based cross-site scripting via prompt injection.", "spans": {"CVE_ID: CVE-2026-41318": [[0, 14]], "SYSTEM: AnythingLLM": [[16, 27]], "VULNERABILITY: DOM-based cross-site scripting": [[110, 140]], "VULNERABILITY: prompt injection": [[145, 161]]}, "info": {"id": "nvd_2026_41318", "source": "nvd_cve"}} |
| {"text": "CVE-2026-41068: Kyverno's ConfigMap loader accepts unvalidated namespace fields, allowing namespace admins to read arbitrary ConfigMaps across cluster boundaries by bypassing RBAC restrictions.", "spans": {"CVE_ID: CVE-2026-41068": [[0, 14]], "SYSTEM: Kyverno": [[16, 23]], "SYSTEM: ConfigMap": [[26, 35]], "VULNERABILITY: RBAC restrictions": [[175, 192]]}, "info": {"id": "nvd_2026_41068", "source": "nvd_cve"}} |
| {"text": "CVE-2026-2028: MaxiBlocks Builder plugin for WordPress through version 2.1.8 permits authenticated authors to delete arbitrary media files without ownership verification.", "spans": {"CVE_ID: CVE-2026-2028": [[0, 13]], "SYSTEM: MaxiBlocks Builder": [[15, 33]], "SYSTEM: WordPress": [[45, 54]], "VULNERABILITY: arbitrary media files": [[117, 138]]}, "info": {"id": "nvd_2026_2028", "source": "nvd_cve"}} |
| {"text": "CVE-2024-4024: An authentication bypass vulnerability in GitLab allows Bitbucket account credential misuse to take over linked user accounts under specific OAuth conditions.", "spans": {"CVE_ID: CVE-2024-4024": [[0, 13]], "VULNERABILITY: authentication bypass": [[18, 39]], "ORGANIZATION: GitLab": [[57, 63]], "SYSTEM: Bitbucket": [[71, 80]], "SYSTEM: OAuth": [[156, 161]]}, "info": {"id": "nvd_2024_4024", "source": "nvd_cve"}} |
| {"text": "CVE-2024-4006: GitLab versions 16.7 through 16.9 fail to enforce personal access token scopes within GraphQL subscriptions, allowing unauthorized API access.", "spans": {"CVE_ID: CVE-2024-4006": [[0, 13]], "ORGANIZATION: GitLab": [[15, 21]], "SYSTEM: GraphQL": [[101, 108]], "VULNERABILITY: unauthorized API access": [[133, 156]]}, "info": {"id": "nvd_2024_4006", "source": "nvd_cve"}} |
| {"text": "CVE-2024-1525: LDAP users in GitLab may reset passwords via verified secondary email and authenticate directly, bypassing LDAP authentication requirements.", "spans": {"CVE_ID: CVE-2024-1525": [[0, 13]], "SYSTEM: LDAP": [[15, 19], [122, 126]], "ORGANIZATION: GitLab": [[29, 35]]}, "info": {"id": "nvd_2024_1525", "source": "nvd_cve"}} |
| {"text": "CVE-2023-6840: GitLab maintainers can rename protected branches to circumvent security policies that block direct merge requests.", "spans": {"CVE_ID: CVE-2023-6840": [[0, 13]], "ORGANIZATION: GitLab": [[15, 21]]}, "info": {"id": "nvd_2023_6840", "source": "nvd_cve"}} |
| {"text": "CVE-2023-6736: Malicious CODEOWNERS content in GitLab causes client-side denial of service through inefficient regular expression processing.", "spans": {"CVE_ID: CVE-2023-6736": [[0, 13]], "SYSTEM: CODEOWNERS": [[25, 35]], "ORGANIZATION: GitLab": [[47, 53]], "VULNERABILITY: denial of service": [[73, 90]]}, "info": {"id": "nvd_2023_6736", "source": "nvd_cve"}} |
| {"text": "CVE-2023-4378: GitLab maintainers can leak Sentry error tracking tokens by modifying configured URLs in project settings pages.", "spans": {"CVE_ID: CVE-2023-4378": [[0, 13]], "ORGANIZATION: GitLab": [[15, 21]]}, "info": {"id": "nvd_2023_4378", "source": "nvd_cve"}} |
| {"text": "CVE-2025-45083: Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via unspecified vectors.", "spans": {"CVE_ID: CVE-2025-45083": [[0, 14]], "VULNERABILITY: Incorrect access control": [[16, 40]], "SYSTEM: Ullu": [[44, 48]], "SYSTEM: Android": [[50, 57]]}, "info": {"id": "nvd_2025_45083", "source": "nvd_cve"}} |
| {"text": "CVE-2025-53100: RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated remote command injection attack on a running MCP Server. This issue has been patched in version 0.2.2.", "spans": {"CVE_ID: CVE-2025-53100": [[0, 14]], "VULNERABILITY: command injection": [[177, 194], [319, 336]]}, "info": {"id": "nvd_2025_53100", "source": "nvd_cve"}} |
| {"text": "CVE-2025-27153: Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.", "spans": {"CVE_ID: CVE-2025-27153": [[0, 14]], "VULNERABILITY: improper access control": [[122, 145]]}, "info": {"id": "nvd_2025_27153", "source": "nvd_cve"}} |
| {"text": "CVE-2025-46259: Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7.", "spans": {"CVE_ID: CVE-2025-46259": [[0, 14]], "VULNERABILITY: Missing Authorization": [[16, 37]]}, "info": {"id": "nvd_2025_46259", "source": "nvd_cve"}} |
| {"text": "CVE-2025-48379: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.", "spans": {"CVE_ID: CVE-2025-48379": [[0, 14]], "VULNERABILITY: buffer overflow": [[105, 120]]}, "info": {"id": "nvd_2025_48379", "source": "nvd_cve"}} |
| {"text": "CVE-2025-52101: linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted \"password\" and \"salt\". The password can then be obtained through brute-force cracking.", "spans": {"CVE_ID: CVE-2025-52101": [[0, 14]], "VULNERABILITY: Incorrect Access Control": [[50, 74]]}, "info": {"id": "nvd_2025_52101", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49741: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.", "spans": {"CVE_ID: CVE-2025-49741": [[0, 14]], "ORGANIZATION: Microsoft": [[41, 50]]}, "info": {"id": "nvd_2025_49741", "source": "nvd_cve"}} |
| {"text": "CVE-2025-36630: In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.", "spans": {"CVE_ID: CVE-2025-36630": [[0, 14]], "SYSTEM: Windows": [[64, 71]]}, "info": {"id": "nvd_2025_36630", "source": "nvd_cve"}} |
| {"text": "CVE-2024-11405: The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "spans": {"CVE_ID: CVE-2024-11405": [[0, 14]], "SYSTEM: WordPress": [[63, 72]], "VULNERABILITY: Reflected Cross-Site Scripting": [[90, 120]]}, "info": {"id": "nvd_2024_11405", "source": "nvd_cve"}} |
| {"text": "CVE-2025-4654: The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)", "spans": {"CVE_ID: CVE-2025-4654": [[0, 13]], "SYSTEM: WordPress": [[43, 52]], "VULNERABILITY: unauthorized access": [[70, 89]], "VULNERABILITY: improper authorization": [[124, 146]], "FILEPATH: /edit/delete": [[292, 304]]}, "info": {"id": "nvd_2025_4654", "source": "nvd_cve"}} |
| {"text": "CVE-2025-5014: The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wp_rem_cs_widget_file_delete' function in all versions up to, and including, 2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).", "spans": {"CVE_ID: CVE-2025-5014": [[0, 13]], "SYSTEM: WordPress": [[45, 54], [71, 80]], "VULNERABILITY: remote code execution": [[411, 432]]}, "info": {"id": "nvd_2025_5014", "source": "nvd_cve"}} |
| {"text": "CVE-2025-5817: The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", "spans": {"CVE_ID: CVE-2025-5817": [[0, 13]], "ORGANIZATION: Amazon": [[19, 25]], "SYSTEM: WordPress": [[61, 70]], "VULNERABILITY: Server-Side Request Forgery": [[88, 115]], "FILEPATH: wcta2w_get_urls()": [[168, 185]]}, "info": {"id": "nvd_2025_5817", "source": "nvd_cve"}} |
| {"text": "CVE-2025-6437: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "spans": {"CVE_ID: CVE-2025-6437": [[0, 13]], "SYSTEM: WordPress": [[50, 59], [91, 100]], "VULNERABILITY: SQL Injection": [[118, 131]]}, "info": {"id": "nvd_2025_6437", "source": "nvd_cve"}} |
| {"text": "CVE-2025-6459: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "spans": {"CVE_ID: CVE-2025-6459": [[0, 13]], "SYSTEM: WordPress": [[50, 59], [91, 100]], "VULNERABILITY: Cross-Site Request Forgery": [[118, 144]]}, "info": {"id": "nvd_2025_6459", "source": "nvd_cve"}} |
| {"text": "CVE-2025-6686: The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'text' user supplied attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2025-6686": [[0, 13]], "SYSTEM: WordPress": [[58, 67]], "VULNERABILITY: Stored Cross-Site Scripting": [[85, 112]]}, "info": {"id": "nvd_2025_6686", "source": "nvd_cve"}} |
| {"text": "CVE-2025-6687: The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'icon' user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "spans": {"CVE_ID: CVE-2025-6687": [[0, 13]], "SYSTEM: WordPress": [[58, 67]], "VULNERABILITY: Stored Cross-Site Scripting": [[85, 112]]}, "info": {"id": "nvd_2025_6687", "source": "nvd_cve"}} |
| {"text": "CVE-2025-52462: Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL.", "spans": {"CVE_ID: CVE-2025-52462": [[0, 14]], "VULNERABILITY: Cross-site scripting": [[16, 36]]}, "info": {"id": "nvd_2025_52462", "source": "nvd_cve"}} |
| {"text": "CVE-2025-52463: Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.", "spans": {"CVE_ID: CVE-2025-52463": [[0, 14]], "VULNERABILITY: Cross-site request forgery": [[16, 42]]}, "info": {"id": "nvd_2025_52463", "source": "nvd_cve"}} |
| {"text": "CVE-2025-6017: A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.", "spans": {"CVE_ID: CVE-2025-6017": [[0, 13]], "ORGANIZATION: Red Hat": [[35, 42]]}, "info": {"id": "nvd_2025_6017", "source": "nvd_cve"}} |
| {"text": "CVE-2025-24330: Sending a crafted SOAP \"provision\" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nBeginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue.", "spans": {"CVE_ID: CVE-2025-24330": [[0, 14]], "VULNERABILITY: path traversal": [[188, 202], [493, 507]]}, "info": {"id": "nvd_2025_24330", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49556: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.", "spans": {"CVE_ID: CVE-2025-49556": [[0, 14]], "ORGANIZATION: Adobe": [[16, 21]]}, "info": {"id": "nvd_2025_49556", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49558: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.", "spans": {"CVE_ID: CVE-2025-49558": [[0, 14]], "ORGANIZATION: Adobe": [[16, 21]], "VULNERABILITY: Race Condition": [[171, 185]]}, "info": {"id": "nvd_2025_49558", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49559: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.", "spans": {"CVE_ID: CVE-2025-49559": [[0, 14]], "ORGANIZATION: Adobe": [[16, 21]], "VULNERABILITY: Path Traversal": [[199, 213]]}, "info": {"id": "nvd_2025_49559", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49707: Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.", "spans": {"CVE_ID: CVE-2025-49707": [[0, 14]], "VULNERABILITY: Improper access control": [[16, 39]]}, "info": {"id": "nvd_2025_49707", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49712: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-49712": [[0, 14]], "VULNERABILITY: Deserialization": [[16, 31]], "ORGANIZATION: Microsoft": [[53, 62]]}, "info": {"id": "nvd_2025_49712", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49736: The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.", "spans": {"CVE_ID: CVE-2025-49736": [[0, 14]], "ORGANIZATION: Microsoft": [[52, 61]], "SYSTEM: Android": [[71, 78]]}, "info": {"id": "nvd_2025_49736", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49743: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-49743": [[0, 14]], "VULNERABILITY: race condition": [[91, 105]], "ORGANIZATION: Microsoft": [[111, 120]]}, "info": {"id": "nvd_2025_49743", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49745: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.", "spans": {"CVE_ID: CVE-2025-49745": [[0, 14]], "VULNERABILITY: Improper neutralization": [[16, 39]], "VULNERABILITY: cross-site scripting": [[78, 98]], "ORGANIZATION: Microsoft": [[104, 113]]}, "info": {"id": "nvd_2025_49745", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49751: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.", "spans": {"CVE_ID: CVE-2025-49751": [[0, 14]], "SYSTEM: Windows": [[43, 50]]}, "info": {"id": "nvd_2025_49751", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49755: User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.", "spans": {"CVE_ID: CVE-2025-49755": [[0, 14]], "ORGANIZATION: Microsoft": [[81, 90]], "SYSTEM: Android": [[100, 107]]}, "info": {"id": "nvd_2025_49755", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49757: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-49757": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_49757", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49758: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.", "spans": {"CVE_ID: CVE-2025-49758": [[0, 14]], "VULNERABILITY: Improper neutralization": [[16, 39]], "VULNERABILITY: sql injection": [[85, 98]]}, "info": {"id": "nvd_2025_49758", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49759: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.", "spans": {"CVE_ID: CVE-2025-49759": [[0, 14]], "VULNERABILITY: Improper neutralization": [[16, 39]], "VULNERABILITY: sql injection": [[85, 98]]}, "info": {"id": "nvd_2025_49759", "source": "nvd_cve"}} |
| {"text": "CVE-2025-49762: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-49762": [[0, 14]], "VULNERABILITY: race condition": [[91, 105]], "SYSTEM: Windows": [[111, 118]]}, "info": {"id": "nvd_2025_49762", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50153: Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50153": [[0, 14]], "SYSTEM: Windows": [[42, 49]]}, "info": {"id": "nvd_2025_50153", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50154: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.", "spans": {"CVE_ID: CVE-2025-50154": [[0, 14]], "SYSTEM: Windows": [[78, 85]]}, "info": {"id": "nvd_2025_50154", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50155: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50155": [[0, 14]], "VULNERABILITY: type confusion": [[61, 75]], "SYSTEM: Windows": [[81, 88]]}, "info": {"id": "nvd_2025_50155", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50156: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.", "spans": {"CVE_ID: CVE-2025-50156": [[0, 14]], "SYSTEM: Windows": [[49, 56]]}, "info": {"id": "nvd_2025_50156", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50157: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.", "spans": {"CVE_ID: CVE-2025-50157": [[0, 14]], "SYSTEM: Windows": [[49, 56]]}, "info": {"id": "nvd_2025_50157", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50158: Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.", "spans": {"CVE_ID: CVE-2025-50158": [[0, 14]], "VULNERABILITY: race condition": [[51, 65]], "SYSTEM: Windows": [[69, 76]]}, "info": {"id": "nvd_2025_50158", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50160: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50160": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_50160", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50161: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50161": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_50161", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50162: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50162": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_50162", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50163: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50163": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_50163", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50164: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50164": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_50164", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50165: Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50165": [[0, 14]], "ORGANIZATION: Microsoft": [[49, 58]]}, "info": {"id": "nvd_2025_50165", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50166: Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.", "spans": {"CVE_ID: CVE-2025-50166": [[0, 14]], "VULNERABILITY: Integer overflow": [[16, 32]], "SYSTEM: Windows": [[50, 57]]}, "info": {"id": "nvd_2025_50166", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50167: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50167": [[0, 14]], "VULNERABILITY: race condition": [[91, 105]], "SYSTEM: Windows": [[111, 118]]}, "info": {"id": "nvd_2025_50167", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50168: Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50168": [[0, 14]], "VULNERABILITY: type confusion": [[61, 75]], "SYSTEM: Windows": [[81, 88]]}, "info": {"id": "nvd_2025_50168", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50169: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50169": [[0, 14]], "VULNERABILITY: race condition": [[91, 105]], "SYSTEM: Windows": [[111, 118]]}, "info": {"id": "nvd_2025_50169", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50170: Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50170": [[0, 14]], "SYSTEM: Windows": [[79, 86]]}, "info": {"id": "nvd_2025_50170", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50171: Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.", "spans": {"CVE_ID: CVE-2025-50171": [[0, 14]], "VULNERABILITY: Missing authorization": [[16, 37]]}, "info": {"id": "nvd_2025_50171", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50172: Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.", "spans": {"CVE_ID: CVE-2025-50172": [[0, 14]], "SYSTEM: Windows": [[72, 79]]}, "info": {"id": "nvd_2025_50172", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50173: Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.", "spans": {"CVE_ID: CVE-2025-50173": [[0, 14]], "SYSTEM: Windows": [[39, 46]]}, "info": {"id": "nvd_2025_50173", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50176: Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.", "spans": {"CVE_ID: CVE-2025-50176": [[0, 14]], "VULNERABILITY: type confusion": [[61, 75]]}, "info": {"id": "nvd_2025_50176", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50177: Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-50177": [[0, 14]], "SYSTEM: Windows": [[34, 41]]}, "info": {"id": "nvd_2025_50177", "source": "nvd_cve"}} |
| {"text": "CVE-2025-53131: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.", "spans": {"CVE_ID: CVE-2025-53131": [[0, 14]], "VULNERABILITY: buffer overflow": [[27, 42]], "SYSTEM: Windows": [[46, 53]]}, "info": {"id": "nvd_2025_53131", "source": "nvd_cve"}} |
| {"text": "CVE-2025-44034: SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController", "spans": {"CVE_ID: CVE-2025-44034": [[0, 14]], "VULNERABILITY: SQL injection": [[16, 29]], "FILEPATH: /main/Java/cn/gson/oasys/controller/address/AddrController": [[150, 208]]}, "info": {"id": "nvd_2025_44034", "source": "nvd_cve"}} |
| {"text": "CVE-2025-52044: In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict parameter.", "spans": {"CVE_ID: CVE-2025-52044": [[0, 14]], "FILEPATH: get_stock_balance()": [[57, 76]], "FILEPATH: /stock/utils.py": [[87, 102]], "VULNERABILITY: SQL Injection": [[120, 133]]}, "info": {"id": "nvd_2025_52044", "source": "nvd_cve"}} |
| {"text": "CVE-2025-8057: Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.This issue affects HumanSuite: before 53.21.0.", "spans": {"CVE_ID: CVE-2025-8057": [[0, 13]], "VULNERABILITY: Authorization Bypass": [[15, 35]], "VULNERABILITY: Improper Authorization": [[130, 152]]}, "info": {"id": "nvd_2025_8057", "source": "nvd_cve"}} |
| {"text": "CVE-2025-8276: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows Cross-Site Scripting (XSS), Phishing.This issue affects HumanSuite: before 53.21.0.", "spans": {"CVE_ID: CVE-2025-8276": [[0, 13]], "VULNERABILITY: Improper Neutralization": [[15, 38], [149, 172]], "VULNERABILITY: Cross-site Scripting": [[84, 104]], "VULNERABILITY: Cross-Site Scripting": [[310, 330]]}, "info": {"id": "nvd_2025_8276", "source": "nvd_cve"}} |
| {"text": "CVE-2009-20005: A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.", "spans": {"CVE_ID: CVE-2009-20005": [[0, 14]], "VULNERABILITY: buffer overflow": [[30, 45]], "SYSTEM: HTTP": [[180, 184]]}, "info": {"id": "nvd_2009_20005", "source": "nvd_cve"}} |
| {"text": "CVE-2009-20007: Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.", "spans": {"CVE_ID: CVE-2009-20007": [[0, 14]], "VULNERABILITY: buffer overflow": [[71, 86]], "VULNERABILITY: arbitrary code execution": [[295, 319]]}, "info": {"id": "nvd_2009_20007", "source": "nvd_cve"}} |
| {"text": "CVE-2024-13149: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection.This issue affects Armalife: through 20250916. \n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.", "spans": {"CVE_ID: CVE-2024-13149": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: SQL Injection": [[85, 98], [217, 230]]}, "info": {"id": "nvd_2024_13149", "source": "nvd_cve"}} |
| {"text": "CVE-2024-13174: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection.This issue affects Web Application: through 20250916. \n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.", "spans": {"CVE_ID: CVE-2024-13174": [[0, 14]], "VULNERABILITY: Improper Neutralization": [[16, 39]], "VULNERABILITY: SQL Injection": [[85, 98], [156, 169]]}, "info": {"id": "nvd_2024_13174", "source": "nvd_cve"}} |
| {"text": "CVE-2025-36244: IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.", "spans": {"CVE_ID: CVE-2025-36244": [[0, 14]], "ORGANIZATION: IBM": [[16, 19], [34, 37]], "SYSTEM: AIX": [[20, 23]]}, "info": {"id": "nvd_2025_36244", "source": "nvd_cve"}} |
| {"text": "CVE-2025-59270: psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.", "spans": {"CVE_ID: CVE-2025-59270": [[0, 14]], "SYSTEM: SAML": [[129, 133]]}, "info": {"id": "nvd_2025_59270", "source": "nvd_cve"}} |
| {"text": "CVE-2025-8893: A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", "spans": {"CVE_ID: CVE-2025-8893": [[0, 13]], "VULNERABILITY: Out-of-Bounds Write": [[107, 126]]}, "info": {"id": "nvd_2025_8893", "source": "nvd_cve"}} |
| {"text": "CVE-2025-20386: In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.", "spans": {"CVE_ID: CVE-2025-20386": [[0, 14]], "SYSTEM: Windows": [[41, 48], [233, 240]]}, "info": {"id": "nvd_2025_20386", "source": "nvd_cve"}} |
| {"text": "CVE-2025-20387: In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.", "spans": {"CVE_ID: CVE-2025-20387": [[0, 14]], "SYSTEM: Windows": [[50, 57], [244, 251]]}, "info": {"id": "nvd_2025_20387", "source": "nvd_cve"}} |
| {"text": "CVE-2025-20389: In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).", "spans": {"CVE_ID: CVE-2025-20389": [[0, 14]], "VULNERABILITY: denial of service": [[437, 454]]}, "info": {"id": "nvd_2025_20389", "source": "nvd_cve"}} |
| {"text": "CVE-2025-34319: TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.", "spans": {"CVE_ID: CVE-2025-34319": [[0, 14]], "VULNERABILITY: command injection": [[144, 161]]}, "info": {"id": "nvd_2025_34319", "source": "nvd_cve"}} |
| {"text": "CVE-2025-53965: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error.", "spans": {"CVE_ID: CVE-2025-53965": [[0, 14]], "ORGANIZATION: Samsung": [[43, 50]]}, "info": {"id": "nvd_2025_53965", "source": "nvd_cve"}} |
| {"text": "CVE-2025-54326: An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.", "spans": {"CVE_ID: CVE-2025-54326": [[0, 14]], "ORGANIZATION: Samsung": [[53, 60]], "VULNERABILITY: NULL pointer dereference": [[192, 216]], "VULNERABILITY: denial of service": [[233, 250]]}, "info": {"id": "nvd_2025_54326", "source": "nvd_cve"}} |
| {"text": "CVE-2025-55076: A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.", "spans": {"CVE_ID: CVE-2025-55076": [[0, 14]], "VULNERABILITY: privilege escalation": [[24, 44]], "SYSTEM: macOS": [[162, 167]], "VULNERABILITY: arbitrary commands": [[294, 312]]}, "info": {"id": "nvd_2025_55076", "source": "nvd_cve"}} |
| {"text": "CVE-2025-62686: A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.", "spans": {"CVE_ID: CVE-2025-62686": [[0, 14]], "VULNERABILITY: privilege escalation": [[24, 44]], "SYSTEM: macOS": [[177, 182]]}, "info": {"id": "nvd_2025_62686", "source": "nvd_cve"}} |
| {"text": "CVE-2024-3884: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.", "spans": {"CVE_ID: CVE-2024-3884": [[0, 13]], "VULNERABILITY: denial of service": [[66, 83], [352, 369]]}, "info": {"id": "nvd_2024_3884", "source": "nvd_cve"}} |
| {"text": "CVE-2025-13992: Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)", "spans": {"CVE_ID: CVE-2025-13992": [[0, 14]], "VULNERABILITY: information leak": [[29, 45]], "ORGANIZATION: Google": [[78, 84]]}, "info": {"id": "nvd_2025_13992", "source": "nvd_cve"}} |
| {"text": "CVE-2025-33201: NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.", "spans": {"CVE_ID: CVE-2025-33201": [[0, 14]], "ORGANIZATION: NVIDIA": [[16, 22]], "VULNERABILITY: denial of service": [[250, 267]]}, "info": {"id": "nvd_2025_33201", "source": "nvd_cve"}} |
| {"text": "CVE-2025-33208: NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.", "spans": {"CVE_ID: CVE-2025-33208": [[0, 14]], "ORGANIZATION: NVIDIA": [[16, 22]], "VULNERABILITY: denial of service": [[234, 251]], "VULNERABILITY: information disclosure": [[253, 275]]}, "info": {"id": "nvd_2025_33208", "source": "nvd_cve"}} |
| {"text": "CVE-2025-33211: NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.", "spans": {"CVE_ID: CVE-2025-33211": [[0, 14]], "ORGANIZATION: NVIDIA": [[16, 22]], "VULNERABILITY: denial of service": [[210, 227]]}, "info": {"id": "nvd_2025_33211", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50360: A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.", "spans": {"CVE_ID: CVE-2025-50360": [[0, 14]], "VULNERABILITY: buffer overflow": [[23, 38]], "VULNERABILITY: arbitrary code execution": [[204, 228]], "VULNERABILITY: Denial of Service": [[232, 249]]}, "info": {"id": "nvd_2025_50360", "source": "nvd_cve"}} |
| {"text": "CVE-2025-66032: Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.", "spans": {"CVE_ID: CVE-2025-66032": [[0, 14]], "VULNERABILITY: arbitrary code execution": [[224, 248]]}, "info": {"id": "nvd_2025_66032", "source": "nvd_cve"}} |
| {"text": "CVE-2025-66208: Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.", "spans": {"CVE_ID: CVE-2025-66208": [[0, 14]], "VULNERABILITY: Command Injection": [[253, 270]]}, "info": {"id": "nvd_2025_66208", "source": "nvd_cve"}} |
| {"text": "CVE-2025-66220: Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\\0) inside an OTHERNAME SAN value as valid matches.", "spans": {"CVE_ID: CVE-2025-66220": [[0, 14]], "SYSTEM: Envoy": [[16, 21], [121, 126]], "FILEPATH: /middle/service": [[48, 63]]}, "info": {"id": "nvd_2025_66220", "source": "nvd_cve"}} |
| {"text": "CVE-2025-66222: DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC bridge, this XSS can be escalated to Remote Code Execution (RCE) by registering and starting a malicious MCP (Model Context Protocol) server.", "spans": {"CVE_ID: CVE-2025-66222": [[0, 14]], "VULNERABILITY: Stored Cross-Site Scripting": [[109, 136]], "VULNERABILITY: Remote Code Execution": [[348, 369]]}, "info": {"id": "nvd_2025_66222", "source": "nvd_cve"}} |
| {"text": "CVE-2025-13086: Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client", "spans": {"CVE_ID: CVE-2025-13086": [[0, 14]], "VULNERABILITY: denial of service": [[248, 265]]}, "info": {"id": "nvd_2025_13086", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50361: Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.", "spans": {"CVE_ID: CVE-2025-50361": [[0, 14]], "VULNERABILITY: Buffer Overflow": [[16, 31]], "VULNERABILITY: information leak": [[211, 227]]}, "info": {"id": "nvd_2025_50361", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15262: A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.", "spans": {"CVE_ID: CVE-2025-15262": [[0, 14]], "FILEPATH: /admin/edit.php": [[131, 146]]}, "info": {"id": "nvd_2025_15262", "source": "nvd_cve"}} |
| {"text": "CVE-2025-56332: Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration", "spans": {"CVE_ID: CVE-2025-56332": [[0, 14]], "VULNERABILITY: Authentication Bypass": [[16, 37]]}, "info": {"id": "nvd_2025_56332", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65409: A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.", "spans": {"CVE_ID: CVE-2025-65409": [[0, 14]], "VULNERABILITY: Denial of Service": [[120, 137]]}, "info": {"id": "nvd_2025_65409", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65411: A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.", "spans": {"CVE_ID: CVE-2025-65411": [[0, 14]], "VULNERABILITY: NULL pointer dereference": [[18, 42]], "VULNERABILITY: Denial of Service": [[121, 138]]}, "info": {"id": "nvd_2025_65411", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15263: A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.", "spans": {"CVE_ID: CVE-2025-15263": [[0, 14]], "FILEPATH: /admin/login.php": [[125, 141]], "VULNERABILITY: sql injection": [[234, 247]]}, "info": {"id": "nvd_2025_15263", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15264: A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2025-15264": [[0, 14]], "FILEPATH: /web/timthumb.php": [[124, 141]], "VULNERABILITY: server-side request forgery": [[224, 251]]}, "info": {"id": "nvd_2025_15264", "source": "nvd_cve"}} |
| {"text": "CVE-2025-66824: A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info page, allowing attackers to achieve full Account Takeover (ATO). This issue is caused by improper sanitization of user-supplied input in the meeting_room field.", "spans": {"CVE_ID: CVE-2025-66824": [[0, 14]], "VULNERABILITY: Stored Cross-Site Scripting": [[18, 45]]}, "info": {"id": "nvd_2025_66824", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15353: A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.", "spans": {"CVE_ID: CVE-2025-15353": [[0, 14]], "FILEPATH: /admin/edit_admin_query.php.": [[146, 174]], "VULNERABILITY: sql injection": [[235, 248]]}, "info": {"id": "nvd_2025_15353", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15354: A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.", "spans": {"CVE_ID: CVE-2025-15354": [[0, 14]], "FILEPATH: /admin/add_admin.php.": [[141, 162]], "VULNERABILITY: sql injection": [[223, 236]]}, "info": {"id": "nvd_2025_15354", "source": "nvd_cve"}} |
| {"text": "CVE-2025-50343: An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.", "spans": {"CVE_ID: CVE-2025-50343": [[0, 14]], "VULNERABILITY: memory corruption": [[70, 87]], "VULNERABILITY: out-of-bounds read": [[225, 243]]}, "info": {"id": "nvd_2025_50343", "source": "nvd_cve"}} |
| {"text": "CVE-2025-69261: WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.", "spans": {"CVE_ID: CVE-2025-69261": [[0, 14]], "FILEPATH: /include/runtime/instance/memory.h": [[113, 147]]}, "info": {"id": "nvd_2025_69261", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15356: A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", "spans": {"CVE_ID: CVE-2025-15356": [[0, 14]], "FILEPATH: /goform/PowerSaveSet.": [[136, 157]], "FILEPATH: /time/powerSaveDelay/ledCloseType": [[204, 237]], "VULNERABILITY: buffer overflow": [[247, 262]]}, "info": {"id": "nvd_2025_15356", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15357: A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.", "spans": {"CVE_ID: CVE-2025-15357": [[0, 14]], "ORGANIZATION: D-Link": [[45, 51]], "VULNERABILITY: command injection": [[191, 208]]}, "info": {"id": "nvd_2025_15357", "source": "nvd_cve"}} |
| {"text": "CVE-2025-66723: inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.", "spans": {"CVE_ID: CVE-2025-66723": [[0, 14]], "SYSTEM: HTTP": [[103, 107]]}, "info": {"id": "nvd_2025_66723", "source": "nvd_cve"}} |
| {"text": "CVE-2025-15360: A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2025-15360": [[0, 14]], "FILEPATH: /main/java/ltd/newbee/mall/controller/common/UploadController.java": [[122, 188]]}, "info": {"id": "nvd_2025_15360", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50691: MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system access.", "spans": {"CVE_ID: CVE-2022-50691": [[0, 14]], "VULNERABILITY: arbitrary commands": [[132, 150]], "FILEPATH: /tpl/commands.sh": [[222, 238]]}, "info": {"id": "nvd_2022_50691", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50692: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application.", "spans": {"CVE_ID: CVE-2022-50692": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: unauthorized access": [[280, 299]]}, "info": {"id": "nvd_2022_50692", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50694: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information.", "spans": {"CVE_ID: CVE-2022-50694": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: SQL injection": [[64, 77]]}, "info": {"id": "nvd_2022_50694", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50695: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.", "spans": {"CVE_ID: CVE-2022-50695": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]]}, "info": {"id": "nvd_2022_50695", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50696: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.", "spans": {"CVE_ID: CVE-2022-50696": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: unauthorized access": [[241, 260]], "SYSTEM: Windows": [[292, 299]]}, "info": {"id": "nvd_2022_50696", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50787: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.", "spans": {"CVE_ID: CVE-2022-50787": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: stored cross-site scripting": [[87, 114]]}, "info": {"id": "nvd_2022_50787", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50788: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.", "spans": {"CVE_ID: CVE-2022-50788": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: information disclosure": [[64, 86]]}, "info": {"id": "nvd_2022_50788", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50789: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vulnerable dns.php script, which triggers command execution and then deletes the file.", "spans": {"CVE_ID: CVE-2022-50789": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: command injection": [[63, 80]], "SYSTEM: HTTP": [[286, 290]]}, "info": {"id": "nvd_2022_50789", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50790: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.", "spans": {"CVE_ID: CVE-2022-50790": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]]}, "info": {"id": "nvd_2022_50790", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50791: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script, which triggers the malicious file and then deletes it.", "spans": {"CVE_ID: CVE-2022-50791": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: command injection": [[75, 92]], "SYSTEM: HTTP": [[260, 264]]}, "info": {"id": "nvd_2022_50791", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50792: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.", "spans": {"CVE_ID: CVE-2022-50792": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]]}, "info": {"id": "nvd_2022_50792", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50793: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges.", "spans": {"CVE_ID: CVE-2022-50793": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: command injection": [[78, 95]]}, "info": {"id": "nvd_2022_50793", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50794: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.", "spans": {"CVE_ID: CVE-2022-50794": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: command injection": [[96, 113]], "SYSTEM: HTTP": [[259, 263]]}, "info": {"id": "nvd_2022_50794", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50795: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which triggers the malicious file and then deletes it after execution.", "spans": {"CVE_ID: CVE-2022-50795": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: command injection": [[75, 92]], "SYSTEM: HTTP": [[260, 264]]}, "info": {"id": "nvd_2022_50795", "source": "nvd_cve"}} |
| {"text": "CVE-2022-50796: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.", "spans": {"CVE_ID: CVE-2022-50796": [[0, 14]], "FILEPATH: /FIRST/PULSE/Eco": [[29, 45]], "VULNERABILITY: remote code execution": [[80, 101]], "VULNERABILITY: path traversal": [[158, 172]], "VULNERABILITY: unauthorized access": [[298, 317]]}, "info": {"id": "nvd_2022_50796", "source": "nvd_cve"}} |
| {"text": "CVE-2025-14795: The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to the spam allowlist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability was partially patched in version 2026.1.", "spans": {"CVE_ID: CVE-2025-14795": [[0, 14]], "SYSTEM: WordPress": [[53, 62]], "VULNERABILITY: Cross-Site Request Forgery": [[80, 106]]}, "info": {"id": "nvd_2025_14795", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1060: The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attackers to retrieve the complete list of available addons, their installation status, version numbers, and download URLs.", "spans": {"CVE_ID: CVE-2026-1060": [[0, 13]], "SYSTEM: WordPress": [[42, 51]], "VULNERABILITY: Information Exposure": [[79, 99]], "FILEPATH: /wp-json/adminify/v1/get-addons-list": [[154, 190]]}, "info": {"id": "nvd_2026_1060", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1521: A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to apply a patch to fix this issue.", "spans": {"CVE_ID: CVE-2026-1521": [[0, 13]], "FILEPATH: /sgwc/s5c-handler.c": [[167, 186]], "VULNERABILITY: denial of service": [[247, 264]]}, "info": {"id": "nvd_2026_1521", "source": "nvd_cve"}} |
| {"text": "CVE-2025-57283: The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.", "spans": {"CVE_ID: CVE-2025-57283": [[0, 14]], "VULNERABILITY: command injection": [[72, 89]]}, "info": {"id": "nvd_2025_57283", "source": "nvd_cve"}} |
| {"text": "CVE-2025-70336: A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.", "spans": {"CVE_ID: CVE-2025-70336": [[0, 14]], "VULNERABILITY: Stored cross-site scripting": [[18, 45]]}, "info": {"id": "nvd_2025_70336", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1536: A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.", "spans": {"CVE_ID: CVE-2026-1536": [[0, 13]], "SYSTEM: HTTP": [[249, 253], [309, 313], [369, 373], [394, 398]]}, "info": {"id": "nvd_2026_1536", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1539: A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.", "spans": {"CVE_ID: CVE-2026-1539": [[0, 13]], "SYSTEM: HTTP": [[47, 51], [161, 165], [429, 433]]}, "info": {"id": "nvd_2026_1539", "source": "nvd_cve"}} |
| {"text": "CVE-2025-13918: Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.", "spans": {"CVE_ID: CVE-2025-13918": [[0, 14]], "ORGANIZATION: Symantec": [[16, 24]]}, "info": {"id": "nvd_2025_13918", "source": "nvd_cve"}} |
| {"text": "CVE-2025-13919: Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.", "spans": {"CVE_ID: CVE-2025-13919": [[0, 14]], "ORGANIZATION: Symantec": [[16, 24]], "SYSTEM: Windows": [[291, 298]]}, "info": {"id": "nvd_2025_13919", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65886: A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.", "spans": {"CVE_ID: CVE-2025-65886": [[0, 14]], "VULNERABILITY: Denial of Service": [[93, 110]]}, "info": {"id": "nvd_2025_65886", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65887: A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.", "spans": {"CVE_ID: CVE-2025-65887": [[0, 14]], "FILEPATH: floor_divide()": [[61, 75]], "VULNERABILITY: Denial of Service": [[132, 149]]}, "info": {"id": "nvd_2025_65887", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65888: A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value.", "spans": {"CVE_ID: CVE-2025-65888": [[0, 14]], "VULNERABILITY: Denial of Service": [[119, 136]]}, "info": {"id": "nvd_2025_65888", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65889: A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.", "spans": {"CVE_ID: CVE-2025-65889": [[0, 14]], "VULNERABILITY: Denial of Service": [[116, 133]]}, "info": {"id": "nvd_2025_65889", "source": "nvd_cve"}} |
| {"text": "CVE-2025-65890: A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.", "spans": {"CVE_ID: CVE-2025-65890": [[0, 14]], "VULNERABILITY: Denial of Service": [[90, 107]]}, "info": {"id": "nvd_2025_65890", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1522: A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This patch is called b19cf6a. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.", "spans": {"CVE_ID: CVE-2026-1522": [[0, 13]], "FILEPATH: /sgwc/s5c-handler.c": [[164, 183]], "VULNERABILITY: denial of service": [[244, 261]]}, "info": {"id": "nvd_2026_1522", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36943: aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash.", "spans": {"CVE_ID: CVE-2020-36943": [[0, 14]], "VULNERABILITY: denial of service": [[51, 68]]}, "info": {"id": "nvd_2020_36943", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36944: ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.", "spans": {"CVE_ID: CVE-2020-36944": [[0, 14]], "VULNERABILITY: server-side request forgery": [[64, 91]]}, "info": {"id": "nvd_2020_36944", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36945: WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel.", "spans": {"CVE_ID: CVE-2020-36945": [[0, 14]], "VULNERABILITY: SQL injection": [[66, 79]], "VULNERABILITY: unauthorized access": [[297, 316]]}, "info": {"id": "nvd_2020_36945", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36961: 10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.", "spans": {"CVE_ID: CVE-2020-36961": [[0, 14]], "VULNERABILITY: buffer overflow": [[69, 84]]}, "info": {"id": "nvd_2020_36961", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36962: Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.", "spans": {"CVE_ID: CVE-2020-36962": [[0, 14]], "VULNERABILITY: arbitrary command": [[281, 298]]}, "info": {"id": "nvd_2020_36962", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36963: Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.", "spans": {"CVE_ID: CVE-2020-36963": [[0, 14]], "VULNERABILITY: authentication bypass": [[76, 97]], "SYSTEM: HTTP": [[220, 224]], "FILEPATH: /cgi-bin/DownloadCfg/RouterCfm.cfg": [[240, 274]]}, "info": {"id": "nvd_2020_36963", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36964: YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.", "spans": {"CVE_ID: CVE-2020-36964": [[0, 14]], "VULNERABILITY: denial of service": [[40, 57]], "SYSTEM: FTP": [[107, 110]], "VULNERABILITY: buffer overflow": [[267, 282]]}, "info": {"id": "nvd_2020_36964", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36965: docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access.", "spans": {"CVE_ID: CVE-2020-36965": [[0, 14]], "VULNERABILITY: buffer overflow": [[50, 65]]}, "info": {"id": "nvd_2020_36965", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36967: Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system.", "spans": {"CVE_ID: CVE-2020-36967": [[0, 14]], "VULNERABILITY: buffer overflow": [[57, 72]], "VULNERABILITY: remote code execution": [[146, 167]], "VULNERABILITY: arbitrary commands": [[296, 314]]}, "info": {"id": "nvd_2020_36967", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36968: M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.", "spans": {"CVE_ID: CVE-2020-36968": [[0, 14]], "FILEPATH: /api/1/admin/users/list": [[215, 238]], "FILEPATH: /api/1/admin/users/get": [[243, 265]]}, "info": {"id": "nvd_2020_36968", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36969: M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.", "spans": {"CVE_ID: CVE-2020-36969": [[0, 14]], "VULNERABILITY: privilege escalation": [[41, 61]], "FILEPATH: /api/1/admin/users/update": [[213, 238]]}, "info": {"id": "nvd_2020_36969", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36970: PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.", "spans": {"CVE_ID: CVE-2020-36970": [[0, 14]], "FILEPATH: /etc/passwd": [[263, 274]]}, "info": {"id": "nvd_2020_36970", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36971: Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.", "spans": {"CVE_ID: CVE-2020-36971": [[0, 14]], "VULNERABILITY: buffer overflow": [[75, 90]]}, "info": {"id": "nvd_2020_36971", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36972: SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.", "spans": {"CVE_ID: CVE-2020-36972": [[0, 14]], "VULNERABILITY: SQL injection": [[49, 62]]}, "info": {"id": "nvd_2020_36972", "source": "nvd_cve"}} |
| {"text": "CVE-2020-36973: PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.", "spans": {"CVE_ID: CVE-2020-36973": [[0, 14]], "VULNERABILITY: remote code execution": [[48, 69]], "VULNERABILITY: path traversal": [[303, 317]]}, "info": {"id": "nvd_2020_36973", "source": "nvd_cve"}} |
| {"text": "CVE-2026-1585: An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.", "spans": {"CVE_ID: CVE-2026-1585": [[0, 13]], "SYSTEM: Windows": [[27, 34], [96, 103]]}, "info": {"id": "nvd_2026_1585", "source": "nvd_cve"}} |
| {"text": "CVE-2026-20792: The WebSocket Application Programming Interface lacks restrictions on \nthe number of authentication requests. This absence of rate limiting may\n allow an attacker to conduct denial-of-service attacks by suppressing \nor misrouting legitimate charger telemetry, or conduct brute-force \nattacks to gain unauthorized access.", "spans": {"CVE_ID: CVE-2026-20792": [[0, 14]], "VULNERABILITY: brute-force \nattack": [[287, 306]], "VULNERABILITY: unauthorized access": [[316, 335]]}, "info": {"id": "nvd_2026_20792", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25113: The WebSocket Application Programming Interface lacks restrictions on \nthe number of authentication requests. This absence of rate limiting may\n allow an attacker to conduct denial-of-service attacks by suppressing \nor mis-routing legitimate charger telemetry, or conduct brute-force \nattacks to gain unauthorized access.", "spans": {"CVE_ID: CVE-2026-25113": [[0, 14]], "VULNERABILITY: brute-force \nattack": [[288, 307]], "VULNERABILITY: unauthorized access": [[317, 336]]}, "info": {"id": "nvd_2026_25113", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25114: The WebSocket Application Programming Interface lacks restrictions on \nthe number of authentication requests. This absence of rate limiting may\n allow an attacker to conduct denial-of-service attacks by suppressing \nor mis-routing legitimate charger telemetry, or conduct brute-force \nattacks to gain unauthorized access.", "spans": {"CVE_ID: CVE-2026-25114": [[0, 14]], "VULNERABILITY: brute-force \nattack": [[288, 307]], "VULNERABILITY: unauthorized access": [[317, 336]]}, "info": {"id": "nvd_2026_25114", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25945: The WebSocket Application Programming Interface lacks restrictions on \nthe number of authentication requests. This absence of rate limiting may\n allow an attacker to conduct denial-of-service attacks by suppressing \nor mis-routing legitimate charger telemetry, or conduct brute-force \nattacks to gain unauthorized access.", "spans": {"CVE_ID: CVE-2026-25945": [[0, 14]], "VULNERABILITY: brute-force \nattack": [[288, 307]], "VULNERABILITY: unauthorized access": [[317, 336]]}, "info": {"id": "nvd_2026_25945", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3269: A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-3269": [[0, 13]], "FILEPATH: /src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java": [[158, 232]], "VULNERABILITY: denial of service": [[304, 321]]}, "info": {"id": "nvd_2026_3269", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3270: A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "spans": {"CVE_ID: CVE-2026-3270": [[0, 13]], "FILEPATH: /src/main/java/psiprobe/tools/Whois.java": [[141, 181]], "VULNERABILITY: server-side request forgery": [[232, 259]]}, "info": {"id": "nvd_2026_3270", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3271: A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.", "spans": {"CVE_ID: CVE-2026-3271": [[0, 13]], "FILEPATH: /goform/P2pListFilterof": [[120, 143]], "VULNERABILITY: buffer overflow": [[217, 232]]}, "info": {"id": "nvd_2026_3271", "source": "nvd_cve"}} |
| {"text": "CVE-2026-3272: A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.", "spans": {"CVE_ID: CVE-2026-3272": [[0, 13]], "FILEPATH: /goform/DhcpListClient": [[125, 147]], "VULNERABILITY: buffer overflow": [[218, 233]]}, "info": {"id": "nvd_2026_3272", "source": "nvd_cve"}} |
| {"text": "CVE-2026-20742: An OS command injection \n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into requests sent to the templates route.", "spans": {"CVE_ID: CVE-2026-20742": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[148, 169]]}, "info": {"id": "nvd_2026_20742", "source": "nvd_cve"}} |
| {"text": "CVE-2026-20902: An OS command injection \n\n\n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the map filename field during the map \nupload action of the parameters route.", "spans": {"CVE_ID: CVE-2026-20902": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[150, 171]]}, "info": {"id": "nvd_2026_20902", "source": "nvd_cve"}} |
| {"text": "CVE-2026-20910: An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the devices field of the firmware update\n update action to achieve remote code execution.", "spans": {"CVE_ID: CVE-2026-20910": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[147, 168], [285, 306]]}, "info": {"id": "nvd_2026_20910", "source": "nvd_cve"}} |
| {"text": "CVE-2026-21389: An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the request body sent to the contacts \nimport route.", "spans": {"CVE_ID: CVE-2026-21389": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[147, 168]]}, "info": {"id": "nvd_2026_21389", "source": "nvd_cve"}} |
| {"text": "CVE-2026-21718: An authentication bypass vulnerability exists in Copeland XWEB Pro \nversion 1.12.1 and prior, enabling any attackers to bypass the \nauthentication requirement and achieve pre-authenticated code execution \non the system.", "spans": {"CVE_ID: CVE-2026-21718": [[0, 14]], "VULNERABILITY: authentication bypass": [[19, 40]]}, "info": {"id": "nvd_2026_21718", "source": "nvd_cve"}} |
| {"text": "CVE-2026-24445: The WebSocket Application Programming Interface lacks restrictions on \nthe number of authentication requests. This absence of rate limiting may\n allow an attacker to conduct denial-of-service attacks by suppressing \nor mis-routing legitimate charger telemetry, or conduct brute-force \nattacks to gain unauthorized access.", "spans": {"CVE_ID: CVE-2026-24445": [[0, 14]], "VULNERABILITY: brute-force \nattack": [[288, 307]], "VULNERABILITY: unauthorized access": [[317, 336]]}, "info": {"id": "nvd_2026_24445", "source": "nvd_cve"}} |
| {"text": "CVE-2026-24517: An OS command injection \n\n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into requests sent to the firmware update \nroute.", "spans": {"CVE_ID: CVE-2026-24517": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[149, 170]]}, "info": {"id": "nvd_2026_24517", "source": "nvd_cve"}} |
| {"text": "CVE-2026-24663: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an unauthenticated attacker to achieve remote code \nexecution on the system by sending a crafted request to the libraries \ninstallation route and injecting malicious input into the request body.", "spans": {"CVE_ID: CVE-2026-24663": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code \nexecution": [[148, 170]]}, "info": {"id": "nvd_2026_24663", "source": "nvd_cve"}} |
| {"text": "CVE-2026-24689: An OS command injection \n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the devices field of the firmware update\n apply action.", "spans": {"CVE_ID: CVE-2026-24689": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[148, 169]]}, "info": {"id": "nvd_2026_24689", "source": "nvd_cve"}} |
| {"text": "CVE-2026-24695: An OS command injection \n\n\n\n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into OpenSSL argument fields within requests \nsent to the utility route, leading to remote code execution.", "spans": {"CVE_ID: CVE-2026-24695": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[151, 172], [301, 322]], "SYSTEM: OpenSSL": [[222, 229]]}, "info": {"id": "nvd_2026_24695", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25085: A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in\n which an unexpected return value from the authentication routine is \nlater on processed as a legitimate value, resulting in an authentication\n bypass.", "spans": {"CVE_ID: CVE-2026-25085": [[0, 14]], "VULNERABILITY: authentication\n bypass": [[217, 239]]}, "info": {"id": "nvd_2026_25085", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25109: An OS command injection \n\n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the devices field when accessing the get\n setup route, leading to remote code execution.", "spans": {"CVE_ID: CVE-2026-25109": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[149, 170], [286, 307]]}, "info": {"id": "nvd_2026_25109", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25111: An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into requests sent to the restore route.", "spans": {"CVE_ID: CVE-2026-25111": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[147, 168]]}, "info": {"id": "nvd_2026_25111", "source": "nvd_cve"}} |
| {"text": "CVE-2026-25195: An OS command injection \n\n\n\nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n supplying a crafted firmware update file via the firmware update route.", "spans": {"CVE_ID: CVE-2026-25195": [[0, 14]], "VULNERABILITY: command injection": [[22, 39]], "VULNERABILITY: remote code execution": [[150, 171]]}, "info": {"id": "nvd_2026_25195", "source": "nvd_cve"}} |
|
|
