Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-26478 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-26477 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. | 7.5 | HIGH | — | 0 |
| CVE-2026-2323 Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2322 Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2321 Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HT... | 8.8 | HIGH | — | 0 |
| CVE-2026-2320 Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2319 Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit objec... | 7.5 | HIGH | — | 0 |
| CVE-2026-2318 Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a c... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2317 Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2316 Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2315 Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2314 Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-2313 Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2025-70297 A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70296 A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-69873 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Poin... | 2.9 | LOW | — | 0 |
| CVE-2025-69872 DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim appl... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69871 A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation whe... | 8.1 | HIGH | — | 0 |
| CVE-2026-2361 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample... | 8.0 | HIGH | — | 0 |
| CVE-2026-2360 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operat... | 8.0 | HIGH | — | 0 |
| CVE-2026-0229 A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a malici... | N/A | NONE | — | 0 |
| CVE-2026-0228 An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not nor... | N/A | NONE | — | 0 |
| CVE-2025-70085 An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_Fi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70084 Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. | 7.5 | HIGH | — | 0 |
| CVE-2025-70083 An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local bu... | 7.8 | HIGH | — | 0 |
| CVE-2025-70029 An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP... | 7.5 | HIGH | — | 0 |
| CVE-2025-69874 nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-65480 An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading... | 8.8 | HIGH | — | 0 |
| CVE-2025-65128 A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and... | 8.1 | HIGH | — | 0 |
| CVE-2026-25084 Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24789 An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-65127 A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval funct... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-13391 The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-25869 MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to p... | 7.5 | HIGH | — | 0 |
| CVE-2026-25868 MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1837 A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.... | N/A | NONE | — | 0 |
| CVE-2025-64075 A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by ... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-12474 A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a... | N/A | NONE | — | 0 |
| CVE-2026-2345 Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin ... | 3.6 | LOW | — | 0 |
| CVE-2026-2344 A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1 | N/A | NONE | — | 0 |
| CVE-2026-2250 The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data... | 7.5 | HIGH | — | 0 |
| CVE-2026-2249 METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2248 METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-61969 Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2025-52541 A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.3 | HIGH | — | 0 |
| CVE-2025-48518 Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service. | N/A | NONE | — | 0 |
| CVE-2025-48508 Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or res... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-48503 A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2025-12059 Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access C... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36324 Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.