Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-25273 Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted p... | 7.8 | HIGH | — | 0 |
| CVE-2019-25272 TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path i... | 7.8 | HIGH | — | 0 |
| CVE-2019-25271 NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious c... | 7.8 | HIGH | — | 0 |
| CVE-2019-25269 Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevat... | 7.8 | HIGH | — | 0 |
| CVE-2019-25267 Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquo... | 7.8 | HIGH | — | 0 |
| CVE-2026-25585 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.c... | 7.8 | HIGH | — | 0 |
| CVE-2026-22038 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT pla... | 8.1 | HIGH | — | 0 |
| CVE-2026-1895 A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1894 A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-62616 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordF... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62615 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22873 It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape on... | 3.8 | LOW | — | 0 |
| CVE-2026-25584 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow ... | 7.8 | HIGH | — | 0 |
| CVE-2026-25583 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow v... | 7.8 | HIGH | — | 0 |
| CVE-2026-25582 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (... | 7.8 | HIGH | — | 0 |
| CVE-2026-25579 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25578 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code thr... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25575 NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated us... | 7.5 | HIGH | — | 0 |
| CVE-2026-25547 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded bra... | N/A | NONE | — | 0 |
| CVE-2026-25546 Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The ... | 7.8 | HIGH | — | 0 |
| CVE-2026-25543 HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25541 Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, i... | 7.5 | HIGH | — | 0 |
| CVE-2026-25540 Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via `Rails.cache. When AUTHORIZED_FET... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25539 SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25538 Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including... | 8.8 | HIGH | — | 0 |
| CVE-2026-25537 jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or ... | 7.5 | HIGH | — | 0 |
| CVE-2026-25536 MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and tran... | 7.1 | HIGH | — | 0 |
| CVE-2026-25526 JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via byp... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25523 Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25521 Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a... | 8.8 | HIGH | — | 0 |
| CVE-2026-25518 cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-1892 A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.ca... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-1884 A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation caus... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-51451 IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43181 IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-40685 IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allo... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25519 OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins wit... | 8.1 | HIGH | — | 0 |
| CVE-2026-25517 Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with acce... | 2.7 | LOW | — | 0 |
| CVE-2026-25512 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office.... | 8.8 | HIGH | — | 0 |
| CVE-2026-25511 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigg... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-25499 Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in esc... | 7.5 | HIGH | — | 0 |
| CVE-2026-1554 XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: ... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-1553 Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4. | 4.8 | MEDIUM | — | 0 |
| CVE-2026-0948 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 be... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0947 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Interne... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-0946 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet Smart... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0945 Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-0944 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, fr... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-2134 IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling. | 3.5 | LOW | — | 0 |
| CVE-2025-27550 IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server. | 3.5 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.