Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-4662 The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter b... | 7.5 | HIGH | — | 0 |
| CVE-2026-4640 Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2026-4639 Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating pr... | 8.8 | HIGH | — | 0 |
| CVE-2026-4632 A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Execut... | 7.3 | HIGH | — | 0 |
| CVE-2026-4627 A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulat... | 7.2 | HIGH | — | 0 |
| CVE-2026-4283 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accept... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-3260 A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes paramete... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-3138 The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-4744 Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C. This issue affects Notepad3: before 6.25.71... | N/A | NONE | — | 0 |
| CVE-2026-4743 NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0. | N/A | NONE | — | 0 |
| CVE-2026-4742 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is assoc... | N/A | NONE | — | 0 |
| CVE-2026-4741 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TeamJCD JoyConDroid (app/src/main/java/com/rdapps/gamepad/util modules). This vulnerability is associate... | N/A | NONE | — | 0 |
| CVE-2026-4739 Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1. | N/A | NONE | — | 0 |
| CVE-2026-4738 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.... | N/A | NONE | — | 0 |
| CVE-2026-4737 Use After Free vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C. This issue affects Echo-Mate: befo... | N/A | NONE | — | 0 |
| CVE-2026-4736 Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H,... | N/A | NONE | — | 0 |
| CVE-2026-4735 Deserialization of Untrusted Data vulnerability in DTStack chunjun (chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. T... | N/A | NONE | — | 0 |
| CVE-2026-4734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is ... | N/A | NONE | — | 0 |
| CVE-2026-4733 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4732 Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7. | N/A | NONE | — | 0 |
| CVE-2026-4731 Integer Overflow or Wraparound vulnerability in artraweditor ART (rtengine modules). This vulnerability is associated with program files dcraw.C. This issue affects ART: before 1.25.12. | N/A | NONE | — | 0 |
| CVE-2026-4626 A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cr... | 3.5 | LOW | — | 0 |
| CVE-2026-4625 A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql inje... | 7.3 | HIGH | — | 0 |
| CVE-2026-4624 A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4623 A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file ... | 7.3 | HIGH | — | 0 |
| CVE-2026-33308 Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension.... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-3079 The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33307 Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a f... | 7.5 | HIGH | — | 0 |
| CVE-2026-4680 Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4679 Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4678 Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4677 Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity... | 8.8 | HIGH | — | 0 |
| CVE-2026-4676 Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4675 Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4674 Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4673 Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-4617 A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the c... | 7.3 | HIGH | — | 0 |
| CVE-2026-4616 A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulatio... | 2.4 | LOW | — | 0 |
| CVE-2026-33320 Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-33306 bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in... | 7.5 | HIGH | — | 0 |
| CVE-2026-33298 llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a G... | 7.8 | HIGH | — | 0 |
| CVE-2026-33290 WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero cap... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22739 Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible t... | 8.6 | HIGH | — | 0 |
| CVE-2026-4615 A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injectio... | 7.3 | HIGH | — | 0 |
| CVE-2026-4614 A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4613 A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. Th... | 7.3 | HIGH | — | 0 |
| CVE-2026-4056 The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-4021 The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation... | 8.1 | HIGH | — | 0 |
| CVE-2026-4001 The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_c... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3533 The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the uplo... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.