Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-32084 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32081 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-34080 xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules bu... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28829 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28825 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected par... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28892 A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20633 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32024 OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attack... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33905 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an sp... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-40183 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the ima... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-40311 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33179 libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to cras... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-34447 Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows readi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32044 OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicio... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-29111 systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an asse... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33205 calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoin... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-65116 Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Mana... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-39392 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the htm... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5679 A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argume... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-3776 The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code conti... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20806 Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27258 DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-35477 InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, th... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-39390 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting (cMap fi... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25577 SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attacke... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-3777 The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27300 Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to discl... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27301 Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5683 A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-34218 ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5745 A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL s... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-39464 Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Comin... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33786 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27131 The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28868 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28881 A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32214 Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25554 Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can tr... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27930 Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-0967 A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32869 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS pa... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33855 Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33853 NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32079 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5475 A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25570 RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers c... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25215 Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail an... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32868 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS pa... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32215 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.