Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-25838 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25837 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-31990 Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overw... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-2071 A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in b... | 8.8 | HIGH | — | 0 |
| CVE-2020-37171 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username ... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37170 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address fi... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37166 AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37165 AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pay... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37164 AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pay... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37163 QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject U... | 8.2 | HIGH | — | 0 |
| CVE-2020-37162 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malici... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37161 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37160 SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing ex... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37159 Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37157 DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. A... | 7.5 | HIGH | — | 0 |
| CVE-2020-37155 Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte p... | 7.5 | HIGH | — | 0 |
| CVE-2020-37154 eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l... | 7.1 | HIGH | — | 0 |
| CVE-2020-37147 ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit... | 7.1 | HIGH | — | 0 |
| CVE-2020-37146 ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's co... | 7.5 | HIGH | — | 0 |
| CVE-2020-37141 AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/mail... | 8.2 | HIGH | — | 0 |
| CVE-2020-37135 AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and... | 7.5 | HIGH | — | 0 |
| CVE-2020-37122 SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file wit... | 7.5 | HIGH | — | 0 |
| CVE-2020-37109 aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37107 Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20... | 7.5 | HIGH | — | 0 |
| CVE-2020-37106 Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attacke... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37079 Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2070 A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to bu... | 8.8 | HIGH | — | 0 |
| CVE-2026-25804 Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25803 3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first i... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25793 Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created... | 8.1 | HIGH | — | 0 |
| CVE-2026-25762 AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. W... | 7.5 | HIGH | — | 0 |
| CVE-2026-25757 Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue m... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25754 AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to man... | 7.2 | HIGH | — | 0 |
| CVE-2026-25749 Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vu... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-25644 DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8. | 7.5 | HIGH | — | 0 |
| CVE-2023-6763 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-2069 A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This ... | 3.3 | LOW | — | 0 |
| CVE-2026-2068 A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflo... | 8.8 | HIGH | — | 0 |
| CVE-2026-25764 OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The appl... | 3.5 | LOW | — | 0 |
| CVE-2026-25763 OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint (/p... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25760 Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25758 Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest ad... | 7.5 | HIGH | — | 0 |
| CVE-2026-25732 NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use t... | 7.5 | HIGH | — | 0 |
| CVE-2026-25574 Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences intern... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25544 Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25533 Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed ... | 8.8 | HIGH | — | 0 |
| CVE-2026-25516 NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows r... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25123 Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an un... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1731 BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted req... | 9.8 | CRITICAL | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.