Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-0892 Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-64155 An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1221 PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded da... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22189 Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23944 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access t... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22583 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulati... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22712 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects T... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47855 An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to o... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22713 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection.This i... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0905 Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a netwo... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23978 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This i... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24371 Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everyt... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69270 Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earl... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22728 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (th... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36911 Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69991 phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67920 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23837 MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandator... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-56590 An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local se... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22585 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Web... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-68541 Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14431 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navi... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23975 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n... | 9.8 | CRITICAL | — | 0 |
| CVE-2016-20052 Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can u... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12550 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affect... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22509 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atla... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24058 Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user (including ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12549 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion.This issue af... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22707 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moo... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23958 Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22043 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25296 The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23883 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it aga... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69079 Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound | Musical Instruments Online Store: fro... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1363 IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web fro... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22708 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mite... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14429 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-65552 D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or ant... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24531 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affect... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70968 FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0906 Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity:... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-35616 A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22237 The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69382 Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28074 Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-46070 An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47851 Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command end... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22582 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22586 Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69563 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.