Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-22319 A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal ... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-22318 A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an intern... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-22317 A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution ... | 7.2 | HIGH | — | 0 |
| CVE-2026-22316 A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-31703 A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's a... | N/A | NONE | — | 0 |
| CVE-2026-3512 The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sani... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-32608 Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These... | 7.0 | HIGH | — | 0 |
| CVE-2025-15363 The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configur... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-32606 IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physic... | 7.6 | HIGH | — | 0 |
| CVE-2026-32596 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensit... | 7.5 | HIGH | — | 0 |
| CVE-2026-32268 The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the... | N/A | NONE | — | 0 |
| CVE-2026-4366 A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-33189 Rejected reason: Further research determined the issue originates from a different product. | N/A | NONE | — | 0 |
| CVE-2026-33188 Rejected reason: Further research determined the issue originates from a different product. | N/A | NONE | — | 0 |
| CVE-2026-33187 Rejected reason: Further research determined the issue originates from a different product. | N/A | NONE | — | 0 |
| CVE-2026-33058 Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a proje... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32266 The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the `DefaultController->actionLoadBucketData()` e... | N/A | NONE | — | 0 |
| CVE-2026-32265 The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The `Buc... | N/A | NONE | — | 0 |
| CVE-2026-32256 music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infini... | 7.5 | HIGH | — | 0 |
| CVE-2026-32254 Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node'... | 7.1 | HIGH | — | 0 |
| CVE-2026-31938 jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) i... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-31898 jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript a... | 8.1 | HIGH | — | 0 |
| CVE-2026-31891 Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the Mo... | 7.7 | HIGH | — | 0 |
| CVE-2026-31865 Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototyp... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-30922 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deep... | 7.5 | HIGH | — | 0 |
| CVE-2026-30884 mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who hol... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-2575 A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29112 DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1926 The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wps_sfw_admin_cancel_susbcription()` function in all... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1780 The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and out... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-4356 A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add_result.php. Executing a manipulation of the argument vr can lead to cross site ... | 2.4 | LOW | — | 0 |
| CVE-2026-4268 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza_custom_js’ parameter in all versions up to, and including, 10.0.05 due to ins... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2603 A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated... | 8.1 | HIGH | — | 0 |
| CVE-2026-2092 A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An atta... | 7.7 | HIGH | — | 0 |
| CVE-2026-29056 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters an... | 8.8 | HIGH | — | 0 |
| CVE-2026-28500 Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improp... | 8.6 | HIGH | — | 0 |
| CVE-2026-28499 LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27545 OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writab... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27524 OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27523 OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existen... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27522 OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from loca... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22217 OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22181 OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured... | 7.6 | HIGH | — | 0 |
| CVE-2026-22180 OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22179 OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper par... | 7.2 | HIGH | — | 0 |
| CVE-2026-22178 OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22177 OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22175 OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers lik... | 7.1 | HIGH | — | 0 |
| CVE-2026-22174 OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-22171 OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensio... | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.