Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-2080 A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injectio... | 7.2 | HIGH | — | 0 |
| CVE-2026-2079 A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1675 The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1643 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes i... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1634 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1613 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1611 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1608 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1573 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1570 The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1082 The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0555 The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing ca... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15477 The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15476 The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2078 A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\war... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2077 A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2076 A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2075 A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\co... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15491 The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as wi... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-15267 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13463 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12803 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12159 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2074 A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation lea... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2073 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead... | 7.3 | HIGH | — | 0 |
| CVE-2026-25845 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25844 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25843 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25842 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25841 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25840 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25839 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25838 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25837 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-31990 Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overw... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-2071 A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in b... | 8.8 | HIGH | — | 0 |
| CVE-2020-37171 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username ... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37170 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address fi... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37166 AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37165 AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pay... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37164 AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pay... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37163 QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject U... | 8.2 | HIGH | — | 0 |
| CVE-2020-37162 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malici... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37161 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37160 SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing ex... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37159 Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37157 DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. A... | 7.5 | HIGH | — | 0 |
| CVE-2020-37155 Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte p... | 7.5 | HIGH | — | 0 |
| CVE-2020-37154 eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l... | 7.1 | HIGH | — | 0 |
| CVE-2020-37147 ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.