Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-1991 A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null point... | 3.3 | LOW | — | 0 |
| CVE-2026-0598 A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the a... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-1990 A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation le... | 3.3 | LOW | — | 0 |
| CVE-2026-1979 A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fre... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1978 A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25698 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25697 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25696 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25695 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25694 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25693 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25692 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-1977 A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component vi... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15566 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbi... | 8.8 | HIGH | — | 0 |
| CVE-2026-1976 A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1975 A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1228 The Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1974 A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1973 A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1972 A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default c... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1971 A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cros... | 2.4 | LOW | — | 0 |
| CVE-2026-23623 Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.2... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerability | 8.6 | HIGH | — | 0 |
| CVE-2026-24300 Azure Front Door Elevation of Privilege Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2026-21532 Azure Function Information Disclosure Vulnerability | 8.2 | HIGH | — | 0 |
| CVE-2026-0391 User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68458 Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outs... | 3.7 | LOW | — | 0 |
| CVE-2025-68157 Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but... | 3.7 | LOW | — | 0 |
| CVE-2025-32393 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25815 Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key ... | 3.2 | LOW | — | 0 |
| CVE-2026-1970 A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redir... | 3.5 | LOW | — | 0 |
| CVE-2026-1964 A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Rem... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1963 A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access contr... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1962 A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-0106 In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. Use... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-12131 A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25630 Rejected reason: Reason: This candidate was issued in error. | N/A | NONE | — | 0 |
| CVE-2026-1301 In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory. | N/A | NONE | — | 0 |
| CVE-2025-15343 Tanium addressed an incorrect default permissions vulnerability in Enforce. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15342 Tanium addressed an improper access controls vulnerability in Reputation. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15341 Tanium addressed an incorrect default permissions vulnerability in Benchmark. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15340 Tanium addressed an incorrect default permissions vulnerability in Comply. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15339 Tanium addressed an incorrect default permissions vulnerability in Discover. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15338 Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15337 Tanium addressed an incorrect default permissions vulnerability in Patch. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15336 Tanium addressed an incorrect default permissions vulnerability in Performance. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15335 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15334 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15333 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15332 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.