CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data

| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-15331 Tanium addressed an uncontrolled resource consumption vulnerability in Connect. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15330 Tanium addressed an improper input validation vulnerability in Deploy. | 8.8 | HIGH | — | 0 |
| CVE-2025-15329 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.9 | MEDIUM | — | 0 |
| CVE-2025-15328 Tanium addressed an improper link resolution before file access vulnerability in Enforce. | 5.0 | MEDIUM | — | 0 |
| CVE-2025-15327 Tanium addressed an improper access controls vulnerability in Deploy. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15326 Tanium addressed an improper access controls vulnerability in Patch. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15325 Tanium addressed an improper input validation vulnerability in Discover. | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15324 Tanium addressed a documentation issue in Engage. | 6.6 | MEDIUM | — | 0 |
| CVE-2025-15323 Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. | 3.7 | LOW | — | 0 |
| CVE-2025-15321 Tanium addressed an improper input validation vulnerability in Tanium Appliance. | 2.7 | LOW | — | 0 |
| CVE-2025-15312 Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. | 6.6 | MEDIUM | — | 0 |
| CVE-2025-15311 Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. | 7.8 | HIGH | — | 0 |
| CVE-2025-15289 Tanium addressed an improper access controls vulnerability in Interact. | 3.1 | LOW | — | 0 |
| CVE-2026-1707 pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An att... | 7.4 | HIGH | — | 0 |
| CVE-2025-70073 An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function | 7.2 | HIGH | — | 0 |
| CVE-2025-68121 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-58190 The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML c... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-47911 The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HT... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15557 An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communic... | 8.8 | HIGH | — | 0 |
| CVE-2025-15551 The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attacker... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-0715 Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this i... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-0714 A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-70792 Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileg... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70791 Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-69906 Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly i... | 8.8 | HIGH | — | 0 |
| CVE-2025-69619 A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-68723 Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Ser... | 9.0 | CRITICAL | — | 0 |
| CVE-2025-68643 Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack.... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-37152 PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the brows... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-37150 Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wirel... | 7.5 | HIGH | — | 0 |
| CVE-2020-37149 Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the ... | 8.1 | HIGH | — | 0 |
| CVE-2020-37148 P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned ... | 3.5 | LOW | — | 0 |
| CVE-2020-37145 HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious ... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-37144 Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submit... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37143 ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37142 10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers ca... | 8.4 | HIGH | — | 0 |
| CVE-2020-37140 Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can g... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37139 Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer ov... | 8.4 | HIGH | — | 0 |
| CVE-2020-37138 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malici... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37137 PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST da... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-37136 ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input wi... | 7.5 | HIGH | — | 0 |
| CVE-2020-37134 UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37133 UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37132 UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 3... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37131 Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can ... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37130 Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes... | 7.5 | HIGH | — | 0 |
| CVE-2020-37129 Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a mal... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37128 ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversiz... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37127 Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core ... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37126 Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can explo... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.