CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID / Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-26253 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26252 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26251 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26250 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26249 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25108 FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | 8.8 | HIGH | KEV | 0 |
| CVE-2026-1721 A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HT... | N/A | NONE | — | 0 |
| CVE-2025-9293 A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network p... | N/A | NONE | — | 0 |
| CVE-2025-9292 A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing ... | N/A | NONE | — | 0 |
| CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. | 7.3 | HIGH | — | 0 |
| CVE-2024-21961 Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack a... | N/A | NONE | — | 0 |
| CVE-2026-26188 Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-70092 A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Nam... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37167 ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers c... | 8.4 | HIGH | — | 0 |
| CVE-2019-25342 Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load... | 7.5 | HIGH | — | 0 |
| CVE-2019-25341 iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-... | 7.5 | HIGH | — | 0 |
| CVE-2019-25340 SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25339 GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated char... | 7.5 | HIGH | — | 0 |
| CVE-2019-25338 DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames t... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-25337 OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25336 SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can ge... | 8.4 | HIGH | — | 0 |
| CVE-2019-25335 PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25334 Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a sp... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25333 Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit th... | 7.5 | HIGH | — | 0 |
| CVE-2019-25332 FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft... | 8.4 | HIGH | — | 0 |
| CVE-2019-25331 AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a speci... | 8.4 | HIGH | — | 0 |
| CVE-2019-25330 SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers... | 7.5 | HIGH | — | 0 |
| CVE-2019-25329 FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can gener... | 7.5 | HIGH | — | 0 |
| CVE-2019-25328 XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated cha... | 7.5 | HIGH | — | 0 |
| CVE-2019-25327 Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and pas... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25325 Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25324 RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25323 Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can cra... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25322 Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25321 FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25320 E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit th... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-25319 Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25318 AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payl... | 8.8 | HIGH | — | 0 |
| CVE-2026-26225 Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions ar... | N/A | NONE | — | 0 |
| CVE-2026-26224 Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerabilit... | N/A | NONE | — | 0 |
| CVE-2026-26185 Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an inval... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26076 ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enable... | 7.5 | HIGH | — | 0 |
| CVE-2026-26075 FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain secu... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-26069 Scraparr is a Prometheus Exporter for various components of the *arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API k... | 7.5 | HIGH | — | 0 |
| CVE-2026-26068 emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into ... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-26056 Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR crea... | 8.8 | HIGH | — | 0 |
| CVE-2026-26055 Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. The ATC webhook endpoints la... | 7.5 | HIGH | — | 0 |
| CVE-2026-25828 grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device(). NOTE: a third par... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1358 Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain r... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70845 lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) in the /setting/ page, where the "intro" field is not properly sanitized or escaped. | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.