Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-22922 Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2227 A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2226 A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_file... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-23903 Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2225 A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argum... | 7.3 | HIGH | — | 0 |
| CVE-2026-2224 A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argumen... | 3.5 | LOW | — | 0 |
| CVE-2026-25916 Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25905 The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may resul... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-25904 The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform ... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-7799 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS.This... | 8.6 | HIGH | — | 0 |
| CVE-2026-2236 C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | 7.5 | HIGH | — | 0 |
| CVE-2026-2235 C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2234 C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-2223 A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/tak... | 7.3 | HIGH | — | 0 |
| CVE-2026-2222 A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php.... | 2.4 | LOW | — | 0 |
| CVE-2026-22906 User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22905 An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access t... | 7.5 | HIGH | — | 0 |
| CVE-2026-22904 Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resultin... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22903 An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to c... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2221 A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2026-2220 A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2026-24466 Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission... | N/A | NONE | — | 0 |
| CVE-2026-1868 GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in w... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-0870 MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local at... | 7.8 | HIGH | — | 0 |
| CVE-2026-2218 A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2217 A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in sq... | 7.3 | HIGH | — | 0 |
| CVE-2026-2216 A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to pa... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22613 The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security iss... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-2215 A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the... | 3.7 | LOW | — | 0 |
| CVE-2026-2214 A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross s... | 2.4 | LOW | — | 0 |
| CVE-2026-2213 A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of t... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1615 Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to p... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66598 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with t... | 7.5 | HIGH | — | 0 |
| CVE-2025-66597 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communicatio... | 7.5 | HIGH | — | 0 |
| CVE-2025-66596 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, use... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-66595 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an at... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66594 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2212 A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation... | 7.3 | HIGH | — | 0 |
| CVE-2026-2211 A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ... | 7.3 | HIGH | — | 0 |
| CVE-2025-66608 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal file... | 7.5 | HIGH | — | 0 |
| CVE-2025-66607 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66606 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scri... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-66605 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66604 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker fo... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66603 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out ot... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66602 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes int... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66601 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scri... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-66600 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in th... | N/A | NONE | — | 0 |
| CVE-2025-66599 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other ... | N/A | NONE | — | 0 |
| CVE-2026-2210 A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be lau... | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.