Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-12679 A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacke... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25729 DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25631 n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send request... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25760 Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25493 Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and re... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25494 Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP)... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25957 Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a C... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-32003 Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adv... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0653 On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of pro... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1847 Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leadi... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1849 MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodical... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1850 Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25768 LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-48019 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-48020 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-48021 A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be t... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27092 Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3.... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27094 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through <= 3.1.1... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2452 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27904 IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious a... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-33124 IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-33130 IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23597 Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could a... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23596 A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt ser... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1344 Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0665 An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall i... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-11725 The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-13587 The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login()... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25229 Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labe... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25368 Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fi... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25372 Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26361 Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerabili... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27057 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects P... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27058 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: fro... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27059 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71242 SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-56208 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26320 OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links without an unattended `key`, the app shows a confirmation d... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1292 Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26328 OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, b... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67969 Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.T... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50452 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexte... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Websi... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51915 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSp... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27022 @langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filt... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14339 The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and i... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2984 A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID lead... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70044 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27514 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response i... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2698 An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.