Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-24924 Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24920 Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-2012 A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argum... | 7.3 | HIGH | — | 0 |
| CVE-2026-2011 A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument I... | 7.3 | HIGH | — | 0 |
| CVE-2026-24931 Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24930 UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | 8.4 | HIGH | — | 0 |
| CVE-2026-24929 Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24926 Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | 8.4 | HIGH | — | 0 |
| CVE-2026-24925 Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | — | 0 |
| CVE-2026-24923 Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24922 Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.9 | MEDIUM | — | 0 |
| CVE-2026-24921 Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 4.8 | MEDIUM | — | 0 |
| CVE-2026-24919 Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.0 | MEDIUM | — | 0 |
| CVE-2026-24918 Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-24917 UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24916 Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24915 Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-24914 Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-21643 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized cod... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1785 The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download an... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1499 The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on th... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1252 The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2010 A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/log... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-2009 A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead t... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-21626 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure | 7.5 | HIGH | — | 0 |
| CVE-2026-1279 The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and includin... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2008 A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Perfo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2000 A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1998 A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be la... | 3.3 | LOW | — | 0 |
| CVE-2026-1909 The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1888 The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1808 The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up to... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1401 The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0521 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victi... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-10753 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and auth... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1991 A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null point... | 3.3 | LOW | — | 0 |
| CVE-2026-0598 A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the a... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-1990 A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation le... | 3.3 | LOW | — | 0 |
| CVE-2026-1979 A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fre... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1978 A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25698 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25697 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25696 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25695 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25694 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25693 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25692 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-1977 A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component vi... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15566 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbi... | 8.8 | HIGH | — | 0 |
| CVE-2026-1976 A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible ... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.