Vulnerability Media Exposure
These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.
CVE-2026-20127 EUVD-2026-8675
CRITICAL

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

cisco:catalyst_sd-wan_manager
cisco:sd-wan_vsmart_controller
CVE-2026-20122 EUVD-2026-8673
MEDIUM

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

cisco:catalyst_sd-wan_manager
CVE-2026-20128 EUVD-2026-8676
HIGH

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

cisco:catalyst_sd-wan_manager
CVE-2026-21385 EUVD-2026-9202
HIGH

Memory corruption while using alignments for memory allocation.

qualcomm:sm7675p_firmware
qualcomm:sm8475p_firmware
qualcomm:sm8550p_firmware
qualcomm:sm8635_firmware
qualcomm:sm8635p_firmware
qualcomm:sm8650q_firmware
qualcomm:sm8750p_firmware
qualcomm:smart_audio_400_platform_firmware
qualcomm:smart_display_200_platform_firmware
qualcomm:snapdragon_4_gen_1_mobile_platform_firmware
qualcomm:snapdragon_4_gen_2_mobile_platform_firmware
qualcomm:snapdragon_429_mobile_platform_firmware
qualcomm:snapdragon_460_mobile_platform_firmware
qualcomm:snapdragon_480\+_5g_mobile_platform_firmware
qualcomm:snapdragon_480_5g_mobile_platform_firmware
qualcomm:snapdragon_6_gen_1_mobile_platform_firmware
qualcomm:snapdragon_6_gen_3_mobile_platform_firmware
qualcomm:snapdragon_6_gen_4_mobile_platform_firmware
qualcomm:snapdragon_625_mobile_platform_firmware
qualcomm:snapdragon_626_mobile_platform_firmware
qualcomm:snapdragon_660_mobile_platform_firmware
qualcomm:snapdragon_662_mobile_platform_firmware
qualcomm:snapdragon_680_4g_mobile_platform_firmware
qualcomm:snapdragon_685_4g_mobile_platform_firmware
qualcomm:snapdragon_690_5g_mobile_platform_firmware
qualcomm:snapdragon_695_5g_mobile_platform_firmware
qualcomm:snapdragon_7\+_gen_2_mobile_platform_firmware
qualcomm:snapdragon_7_gen_1_mobile_platform_firmware
qualcomm:snapdragon_778g\+_5g_mobile_platform_firmware
qualcomm:snapdragon_778g_5g_mobile_platform_firmware
qualcomm:snapdragon_782g_mobile_platform_firmware
qualcomm:snapdragon_7c\+_gen_3_compute_firmware
qualcomm:snapdragon_7s_gen_3_mobile_platform_firmware
qualcomm:snapdragon_8\+_gen_1_mobile_platform_firmware
qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware
qualcomm:snapdragon_8_elite_firmware
qualcomm:snapdragon_8_elite_gen_5_firmware
qualcomm:snapdragon_8_gen_1_mobile_platform_firmware
qualcomm:snapdragon_8_gen_2_mobile_platform_firmware
qualcomm:snapdragon_8_gen_3_mobile_platform_firmware
qualcomm:5g_fixed_wireless_access_platform_firmware
qualcomm:apq8098_firmware
qualcomm:ar8031_firmware
qualcomm:ar8035_firmware
qualcomm:c-v2x_9150_firmware
qualcomm:csra6620_firmware
qualcomm:csra6640_firmware
qualcomm:fastconnect_6200_firmware
qualcomm:fastconnect_6700_firmware
qualcomm:fastconnect_6800_firmware
qualcomm:fastconnect_6900_firmware
qualcomm:fastconnect_7800_firmware
qualcomm:flight_rb5_5g_platform_firmware
qualcomm:fsm100_platform_firmware
qualcomm:g1_gen_1_firmware
qualcomm:g2_gen_1_firmware
qualcomm:iq-615_firmware
qualcomm:iq-8275_firmware
qualcomm:iq-8300_firmware
qualcomm:iq-9075_firmware
qualcomm:iq-9100_firmware
qualcomm:lemans_au_lgit_firmware
qualcomm:lemansau_firmware
qualcomm:mdm9250_firmware
qualcomm:mdm9628_firmware
qualcomm:milos_firmware
qualcomm:monaco_iot_firmware
qualcomm:netrani_firmware
qualcomm:orne_firmware
qualcomm:palawan25_firmware
qualcomm:pandeiro_firmware
qualcomm:qam8255p_firmware
qualcomm:qam8295p_firmware
qualcomm:qamsrv1h_firmware
qualcomm:qamsrv1m_firmware
qualcomm:qca2066_firmware
qualcomm:qca6174a_firmware
qualcomm:qca6391_firmware
qualcomm:qca6564a_firmware
qualcomm:qca6564au_firmware
qualcomm:qca6574_firmware
qualcomm:qca6574a_firmware
qualcomm:qca6574au_firmware
qualcomm:qca6584au_firmware
qualcomm:qca6595_firmware
qualcomm:snapdragon_820_automotive_platform_firmware
qualcomm:snapdragon_820am_firmware
qualcomm:snapdragon_865\+_5g_mobile_platform_firmware
qualcomm:snapdragon_865_5g_mobile_platform_firmware
qualcomm:snapdragon_870_5g_mobile_platform_firmware
qualcomm:snapdragon_888\+_5g_mobile_platform_firmware
qualcomm:snapdragon_888_5g_mobile_platform_firmware
qualcomm:snapdragon_ar1\+_gen_1_platform_firmware
qualcomm:snapdragon_ar1_gen_1_platform_firmware
qualcomm:snapdragon_auto_5g_modem-rf_firmware
qualcomm:snapdragon_w5\+_gen_1_wearable_platform_firmware
qualcomm:snapdragon_x12_lte_modem_firmware
qualcomm:snapdragon_x5_lte_modem_firmware
qualcomm:snapdragon_x53_5g_modem-rf_system_firmware
qualcomm:snapdragon_x55_5g_modem-rf_system_firmware
qualcomm:snapdragon_x65_5g_modem-rf_system_firmware
qualcomm:snapdragon_xr2\+_gen_1_platform_firmware
qualcomm:snapdragon_xr2_5g_platform_firmware
qualcomm:srv1h_firmware
qualcomm:srv1m_firmware
qualcomm:sw5100_firmware
qualcomm:sw5100p_firmware
qualcomm:sw6100_firmware
qualcomm:sw6100p_firmware
qualcomm:sxr2230p_firmware
qualcomm:sxr2250p_firmware
qualcomm:sxr2330p_firmware
qualcomm:sxr2350p_firmware
qualcomm:themisto_firmware
qualcomm:video_collaboration_vc1_platform_firmware
qualcomm:video_collaboration_vc3_platform_firmware
qualcomm:video_collaboration_vc5_platform_firmware
qualcomm:vision_intelligence_100_platform_firmware
qualcomm:vision_intelligence_200_platform_firmware
qualcomm:vision_intelligence_400_platform_firmware
qualcomm:wcd9326_firmware
qualcomm:wcd9330_firmware
qualcomm:wcd9335_firmware
qualcomm:wcd9341_firmware
qualcomm:wcd9360_firmware
qualcomm:qca6595au_firmware
qualcomm:qca6678aq_firmware
qualcomm:qca6688aq_firmware
qualcomm:qca6696_firmware
qualcomm:qca6698aq_firmware
qualcomm:qca6698au_firmware
qualcomm:qca6797aq_firmware
qualcomm:qca8081_firmware
qualcomm:qca8337_firmware
qualcomm:qca8695au_firmware
qualcomm:qca9367_firmware
qualcomm:qca9377_firmware
qualcomm:qcm2290_firmware
qualcomm:qcm4325_firmware
qualcomm:qcm4490_firmware
qualcomm:qcm5430_firmware
qualcomm:qcm6125_firmware
qualcomm:qcm6490_firmware
qualcomm:qcn6024_firmware
qualcomm:qcn9011_firmware
qualcomm:qcn9012_firmware
qualcomm:qcn9024_firmware
qualcomm:qcs2290_firmware
qualcomm:qcs4290_firmware
qualcomm:qcs4490_firmware
qualcomm:qcs8550_firmware
qualcomm:qln1083bd_firmware
qualcomm:qln1086bd_firmware
qualcomm:qmp1000_firmware
qualcomm:qpa1083bd_firmware
qualcomm:qpa1086bd_firmware
qualcomm:qrb5165m_firmware
qualcomm:qrb5165n_firmware
qualcomm:qualcomm_215_mobile_platform_firmware
qualcomm:qxm1083_firmware
qualcomm:qxm1086_firmware
qualcomm:qxm1093_firmware
qualcomm:qxm1094_firmware
qualcomm:qxm1095_firmware
qualcomm:qxm1096_firmware
qualcomm:wcd9370_firmware
qualcomm:wcd9371_firmware
qualcomm:wcd9375_firmware
qualcomm:wcd9378_firmware
qualcomm:wcd9380_firmware
qualcomm:wcd9385_firmware
qualcomm:wcd9390_firmware
qualcomm:wcd9395_firmware
qualcomm:wcn3615_firmware
qualcomm:wcn3620_firmware
qualcomm:wcn3660b_firmware
qualcomm:wcn3680b_firmware
qualcomm:wcn3910_firmware
qualcomm:wcn3950_firmware
qualcomm:wcn3980_firmware
qualcomm:wcn3988_firmware
qualcomm:wcn3990_firmware
qualcomm:wcn6450_firmware
qualcomm:wcn6650_firmware
qualcomm:wcn6755_firmware
qualcomm:wcn7860_firmware
qualcomm:wcn7861_firmware
qualcomm:wcn7880_firmware
qualcomm:wcn7881_firmware
qualcomm:wsa8810_firmware
qualcomm:wsa8815_firmware
qualcomm:wsa8830_firmware
qualcomm:wsa8832_firmware
qualcomm:wsa8835_firmware
qualcomm:wsa8840_firmware
qualcomm:wsa8845_firmware
qualcomm:wsa8845h_firmware
qualcomm:robotics_rb2_platform_firmware
qualcomm:robotics_rb5_platform_firmware
qualcomm:sa4150p_firmware
qualcomm:sa4155p_firmware
qualcomm:sa6145p_firmware
qualcomm:sa6150p_firmware
qualcomm:sa6155_firmware
qualcomm:sa6155p_firmware
qualcomm:sa7255p_firmware
qualcomm:sa7775p_firmware
qualcomm:sa8145p_firmware
qualcomm:sa8150p_firmware
qualcomm:sa8155_firmware
qualcomm:sa8155p_firmware
qualcomm:sa8195p_firmware
qualcomm:sa8255p_firmware
qualcomm:sa8295p_firmware
qualcomm:sa8620p_firmware
qualcomm:sa8770p_firmware
qualcomm:sa9000p_firmware
qualcomm:sar1165p_firmware
qualcomm:sar1250p_firmware
qualcomm:sar2130p_firmware
qualcomm:sar2230p_firmware
qualcomm:sc8380xp_firmware
qualcomm:snapdragon_8_gen_1_firmware
qualcomm:sd626_firmware
qualcomm:sd662_firmware
qualcomm:sd865_5g_firmware
qualcomm:sda660_firmware
qualcomm:sdm429w_firmware
qualcomm:sdx61_firmware
qualcomm:sm6225p_firmware
qualcomm:sm6650p_firmware
qualcomm:sm7325p_firmware
qualcomm:sm7435_firmware
qualcomm:sm7550_firmware
qualcomm:sm7550p_firmware
qualcomm:sm7635p_firmware
qualcomm:sm7675_firmware
CVE-2017-7921 EUVD-2017-16892
CRITICAL

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

hikvision:ds-2cd2032-i_firmware
hikvision:ds-2cd2112-i_firmware
hikvision:ds-2cd2132-i_firmware
hikvision:ds-2cd2212-i5_firmware
hikvision:ds-2cd2232-i5_firmware
hikvision:ds-2cd2312-i_firmware
hikvision:ds-2cd2332-i_firmware
hikvision:ds-2cd2412f-i\(w\)_firmware
hikvision:ds-2cd2432f-i\(w\)_firmware
hikvision:ds-2cd2512f-i\(s\)_firmware
hikvision:ds-2cd2532f-i\(s\)_firmware
hikvision:ds-2cd2612f-i\(s\)_firmware
hikvision:ds-2cd2632f-i\(s\)_firmware
hikvision:ds-2cd2712f-i\(s\)_firmware
hikvision:ds-2cd2732f-i\(s\)_firmware
hikvision:ds-2cd2t32-i3_firmware
hikvision:ds-2cd2t32-i5_firmware
hikvision:ds-2cd2t32-i8_firmware
hikvision:ds-2cd4012f-\(a\)_firmware
hikvision:ds-2cd4012f-\(p\)_firmware
hikvision:ds-2cd4012f-\(w\)_firmware
hikvision:ds-2cd4012fwd-\(a\)_firmware
hikvision:ds-2cd4012fwd-\(p\)_firmware
hikvision:ds-2cd4012fwd-\(w\)_firmware
hikvision:ds-2cd4024f-\(a\)_firmware
hikvision:ds-2cd4024f-\(p\)_firmware
hikvision:ds-2cd4024f-\(w\)_firmware
hikvision:ds-2cd4032fwd-\(a\)_firmware
hikvision:ds-2cd4032fwd-\(p\)_firmware
hikvision:ds-2cd4032fwd-\(w\)_firmware
hikvision:ds-2cd4112f-i\(z\)_firmware
hikvision:ds-2cd4112fwd-i\(z\)_firmware
hikvision:ds-2cd4124f-i\(z\)_firmware
hikvision:ds-2cd4132fwd-i\(z\)_firmware
hikvision:ds-2cd4212f-i\(h\)_firmware
hikvision:ds-2cd4212f-i\(s\)_firmware
hikvision:ds-2cd4212f-i\(z\)_firmware
hikvision:ds-2cd4212fwd-i\(h\)_firmware
hikvision:ds-2cd4212fwd-i\(s\)_firmware
hikvision:ds-2cd4212fwd-i\(z\)_firmware
hikvision:ds-2cd4224f-i\(h\)_firmware
hikvision:ds-2cd4224f-i\(s\)_firmware
hikvision:ds-2cd4224f-i\(z\)_firmware
hikvision:ds-2cd4232fwd-i\(h\)_firmware
hikvision:ds-2cd4232fwd-i\(s\)_firmware
hikvision:ds-2cd4232fwd-i\(z\)_firmware
hikvision:ds-2cd4312f-i\(h\)_firmware
hikvision:ds-2cd4312f-i\(s\)_firmware
hikvision:ds-2cd4312f-i\(z\)_firmware
hikvision:ds-2cd4324f-i\(h\)_firmware
hikvision:ds-2cd4324f-i\(s\)_firmware
hikvision:ds-2cd4324f-i\(z\)_firmware
hikvision:ds-2cd4332fwd-i\(h\)_firmware
hikvision:ds-2cd4332fwd-i\(s\)_firmware
hikvision:ds-2cd4332fwd-i\(z\)_firmware
hikvision:ds-2cd6412fwd_firmware
hikvision:ds-2dfx_series_firmware
hikvision:ds-2cd63xx_series_firmware
Newly recorded security issues per week
Stay up to date! New information is added to our knowledge database every day. Here you can see the history of vulnerabilities added to our CVE DB in recent years.
Vulnerabilities by severity (over the last 7 days)
Information about the vulnerabilities of the last 7 days can be found here. As you can see, critical vulnerabilities are also added on a daily basis. Therefore, validate your current security situation on a daily basis to ensure the security of your IT.
CVSS Score Distribution
The CVSS score rates security vulnerabilities from 0 to 10, based on factors like attack vectors and impacts on confidentiality, integrity, and availability.
EPSS Score Distribution
The EPSS score predicts the likelihood of a known vulnerability being exploited, complementing CVSS by assessing real-world exploitability based on threat activity and exploit availability.
Latest Vulnerability Reports
The 10 most recently published CVE reports.
  • A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

  • A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used.

  • If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.

  • By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail. In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root.

  • In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.

  • The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands passed as input to resolvconf(8) may be executed.

  • A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.

  • A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

  • In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This made it possible to gain access to different instances, with potentially different access controls, by reusing a SAML response from other instances. You should upgrade to version 9.22.0 of the provider if you use AWS Auth Manager.

  • A user with access to the DB could craft a database entry that would result in executing code on the Triggerer, which gives anyone who has access to the DB the same permissions as a Dag Author. Since direct DB access is neither usual nor recommended for Airflow, the likelihood of it causing any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.