Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-25693 ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_... | 7.1 | HIGH | — | 0 |
| CVE-2026-39976 Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets the JWT... | 7.1 | HIGH | — | 0 |
| CVE-2026-34053 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/... | 7.1 | HIGH | — | 0 |
| CVE-2025-15553 Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password. | 7.1 | HIGH | — | 0 |
| CVE-2019-25664 SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Atta... | 7.1 | HIGH | — | 0 |
| CVE-2026-32000 OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers... | 7.1 | HIGH | — | 0 |
| CVE-2026-32017 OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can byp... | 7.1 | HIGH | — | 0 |
| CVE-2017-20238 Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed de... | 7.1 | HIGH | — | 0 |
| CVE-2026-0827 During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware... | 7.1 | HIGH | — | 0 |
| CVE-2026-23973 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5. | 7.1 | HIGH | — | 0 |
| CVE-2026-4162 The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perf... | 7.1 | HIGH | — | 0 |
| CVE-2026-31407 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. Thes... | 7.1 | HIGH | — | 0 |
| CVE-2026-31484 In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs o... | 7.1 | HIGH | — | 0 |
| CVE-2019-25703 ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attacker... | 7.1 | HIGH | — | 0 |
| CVE-2019-25663 SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET ... | 7.1 | HIGH | — | 0 |
| CVE-2026-31486 In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regulator operations with mutex The regulator operations pmbus_regulator_get_voltage(), pmbus_regulato... | 7.1 | HIGH | — | 0 |
| CVE-2026-23555 Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path.... | 7.1 | HIGH | — | 0 |
| CVE-2026-23325 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields i... | 7.1 | HIGH | — | 0 |
| CVE-2026-33217 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied i... | 7.1 | HIGH | — | 0 |
| CVE-2026-5444 A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned a... | 7.1 | HIGH | — | 0 |
| CVE-2026-33892 A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Manag... | 7.1 | HIGH | — | 0 |
| CVE-2026-40162 Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authenticati... | 7.1 | HIGH | — | 0 |
| CVE-2026-32188 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | 7.1 | HIGH | — | 0 |
| CVE-2026-22048 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible ... | 7.1 | HIGH | — | 0 |
| CVE-2026-24835 Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to complet... | 7.1 | HIGH | — | 0 |
| CVE-2026-24902 TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for `allow... | 7.1 | HIGH | — | 0 |
| CVE-2026-23076 In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix potential OOB access in audio mixer handling In the audio mixer handling code of ctxfi driver, the conf field is ... | 7.1 | HIGH | — | 0 |
| CVE-2026-27332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through < 1.... | 7.1 | HIGH | — | 0 |
| CVE-2026-23102 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few way... | 7.1 | HIGH | — | 0 |
| CVE-2025-11142 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or adm... | 7.1 | HIGH | — | 0 |
| CVE-2020-37081 Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can expl... | 7.1 | HIGH | — | 0 |
| CVE-2025-71201 In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the co... | 7.1 | HIGH | — | 0 |
| CVE-2026-25503 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ... | 7.1 | HIGH | — | 0 |
| CVE-2026-23187 In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove()... | 7.1 | HIGH | — | 0 |
| CVE-2025-67972 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Prague prague-plugins allows Reflected XSS.This issue affects Prague: from n/a through ... | 7.1 | HIGH | — | 0 |
| CVE-2025-70846 lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password. | 7.1 | HIGH | — | 0 |
| CVE-2025-71231 In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but t... | 7.1 | HIGH | — | 0 |
| CVE-2026-4369 A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerabilit... | 7.1 | HIGH | — | 0 |
| CVE-2026-4345 A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious a... | 7.1 | HIGH | — | 0 |
| CVE-2026-22438 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= 1.0... | 7.1 | HIGH | — | 0 |
| CVE-2026-4344 A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the... | 7.1 | HIGH | — | 0 |
| CVE-2019-25299 RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can explo... | 7.1 | HIGH | — | 0 |
| CVE-2019-25300 thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, a... | 7.1 | HIGH | — | 0 |
| CVE-2026-28110 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows R... | 7.1 | HIGH | — | 0 |
| CVE-2019-25303 TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, t... | 7.1 | HIGH | — | 0 |
| CVE-2026-28109 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XS... | 7.1 | HIGH | — | 0 |
| CVE-2026-28108 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows R... | 7.1 | HIGH | — | 0 |
| CVE-2026-28103 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows Reflected XSS.This issue affects LBG Z... | 7.1 | HIGH | — | 0 |
| CVE-2026-28102 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Classic uberSlider_classic allows Reflected XSS.This issue affects UberSli... | 7.1 | HIGH | — | 0 |
| CVE-2026-28101 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider MouseInteraction uberSlider_mouseinteraction allows Reflected XSS.This iss... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.