CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2024-54855
Medium

The Vanilla OS 2 Core image v1.1.0 from fabricators Ltd was found to contain static SSH keys, allowing attackers to perform a man-in-the-middle attack during connections with other hosts.

CVE-2025-55462
Medium

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response with Access-Control-Allow-Credentials: true. This enables malicious third-party websites to perform authenticated cross-origin requests against the Eramba API, including endpoints like /system-api/login and /system-api/user/me, exposing sensitive user session data.

CVE-2025-65553
Medium

The D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jamming on the 433 MHz alarm sensor channel. An attacker within RF range can transmit continuous interference to block sensor transmissions, resulting in missed alarms and loss of security monitoring. The device lacks jamming detection or mitigations, creating a denial-of-service condition.

CVE-2026-22610
Medium

W Angularze, platformie do tworzenia aplikacji webowych, zidentyfikowano podatność typu cross-site scripting (XSS) w kompilatorze szablonów. Problem wynika z niewłaściwego rozpoznawania atrybutów href i xlink:href w elementach SVG <script> jako kontekstu URL zasobów. Został on naprawiony w wersjach 19.2.18, 20.3.16, 21.0.7 oraz 21.1.0-rc.0.

CVE-2026-0707
Medium

A flaw was found in Keycloak regarding the authorization header parser. This parser is overly permissive regarding the formatting of the 'Bearer' authentication scheme, accepting non-standard characters as separators and tolerating case variations that deviate from RFC 6750 specifications.

CVE-2025-67316
Medium

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. The supplier is currently disputing this finding and the record is under review.

CVE-2025-59381
Medium

A path traversal vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to read the contents of unexpected files or system data.

CVE-2024-55374
Medium

A vulnerability in REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy in login attempt responses.

CVE-2025-15128
Medium

A vulnerability was detected in ZKTeco BioTime up to versions 9.0.3/9.0.4/9.5.2, affecting an unknown part of the file /base/safe_setting/ of the Endpoint component. Manipulating the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials.

CVE-2025-66737
Medium

Yealink T21P_E2 Phone version 52.84.0.15 is vulnerable to directory traversal. A remote attacker with normal privileges can read arbitrary files via a crafted request to the diagnostic component's result read function.

CVE-2025-2154
Medium

Podatność CVE-2025-2154 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w systemie Specto CM, co prowadzi do możliwości ataku typu Stored XSS. Problem ten dotyczy wersji przed 17032025.

CVE-2025-68340
Medium

A vulnerability has been identified in the Linux kernel that occurs when adding a port device to a team device while the port is already active. Modifying the team device header can lead to incorrect private data pointing, resulting in system errors.

CVE-2025-67291
Medium

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to inject malicious JavaScript or HTML into the Name field, leading to script execution in victims' browsers.

CVE-2025-67290
Medium

A stored cross-site scripting (XSS) vulnerability exists in the Page Settings module of Piranha CMS v12.1. Attackers can inject malicious JavaScript or HTML into the Excerpt field, leading to script execution in victims' browsers.

CVE-2025-1885
Medium

Podatność typu 'Open Redirect' w systemie dostarczania jedzenia online firmy Restajet Information Technologies Inc. umożliwia przekierowanie użytkowników na niezaufane strony, co może prowadzić do phishingu oraz nieautoryzowanego przeglądania.

CVE-2025-7047
Medium

W SoliClub od Utarit Informatics Services Inc. występuje luka związana z brakiem autoryzacji, która umożliwia nadużycie uprawnień. Problem dotyczy wersji przed 5.3.7.

CVE-2025-14347
Medium

W podatności CVE-2025-14347 występuje niewłaściwa neutralizacja danych wejściowych podczas generowania stron internetowych w systemie OBS (Student Affairs Information System)0, co pozwala na ataki typu Reflected XSS. Problem dotyczy wersji przed 26.5009.

CVE-2025-65427
Medium

The Dbit N300 T1 Pro router running firmware V1.0.0 lacks rate limiting on the /api/login endpoint, allowing attackers to brute force passwords.

CVE-2025-66963
Medium

A vulnerability in Hitron HI3120 version 7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in index.html.

CVE-2025-67906
Medium

In MISP before version 2.5.28, there is an XSS vulnerability in app/View/Elements/Workflows/executionPath.ctp, allowing for the injection of malicious code in the workflow execution path.

PreviousPage 255 of 551Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS