Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-25723 Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file wri... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25722 Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd comm... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-24903 OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24851 OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 ( openfga-0.2.22<= Helm chart <= openfga-0.2.... | 8.8 | HIGH | — | 0 |
| CVE-2026-24776 OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meetin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24419 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima N... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24135 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated use... | 8.1 | HIGH | — | 0 |
| CVE-2026-23633 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23632 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22592 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1769 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-70963 Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login.... | 7.6 | HIGH | — | 0 |
| CVE-2025-64175 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a vict... | 8.8 | HIGH | — | 0 |
| CVE-2026-2103 Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical acros... | 7.1 | HIGH | — | 0 |
| CVE-2026-2059 A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to ... | 7.3 | HIGH | — | 0 |
| CVE-2026-2058 A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post... | 7.3 | HIGH | — | 0 |
| CVE-2026-25556 MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-own... | 7.5 | HIGH | — | 0 |
| CVE-2026-23741 Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, ... | 0.0 | NONE | — | 0 |
| CVE-2026-23740 Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files t... | 0.0 | NONE | — | 0 |
| CVE-2026-23739 Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents ... | 2.0 | LOW | — | 0 |
| CVE-2026-23738 Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET varia... | 3.5 | LOW | — | 0 |
| CVE-2025-64111 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve rem... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25305 JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and e... | 7.8 | HIGH | — | 0 |
| CVE-2019-25304 SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
| CVE-2019-25303 TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, t... | 7.1 | HIGH | — | 0 |
| CVE-2019-25302 Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can expl... | 7.8 | HIGH | — | 0 |
| CVE-2019-25301 Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments ... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-25300 thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, a... | 7.1 | HIGH | — | 0 |
| CVE-2019-25299 RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can explo... | 7.1 | HIGH | — | 0 |
| CVE-2019-25298 html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-25294 html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can cra... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25293 BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can ex... | 7.8 | HIGH | — | 0 |
| CVE-2019-25292 Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the ... | 7.8 | HIGH | — | 0 |
| CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attacker... | 7.8 | HIGH | — | 0 |
| CVE-2026-2057 A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sq... | 7.3 | HIGH | — | 0 |
| CVE-2025-13523 Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names t... | 7.7 | HIGH | — | 0 |
| CVE-2026-2056 A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Con... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1337 Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. Ther... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-13818 Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | 6.7 | MEDIUM | — | 0 |
| CVE-2026-2055 A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation c... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2054 A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in informa... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2018 A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injectio... | 7.3 | HIGH | — | 0 |
| CVE-2026-2017 A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The m... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2016 A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1293 The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in all versions up to,... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2015 A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2014 A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument I... | 7.3 | HIGH | — | 0 |
| CVE-2026-2013 A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql in... | 7.3 | HIGH | — | 0 |
| CVE-2026-24928 Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.8 | MEDIUM | — | 0 |
| CVE-2026-24927 Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.