Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-25145 melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file (e.g., through pull request-dri... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-25143 melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell c... | 7.8 | HIGH | — | 0 |
| CVE-2026-24884 Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. B... | 8.4 | HIGH | — | 0 |
| CVE-2026-24844 melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could ... | 7.9 | HIGH | — | 0 |
| CVE-2026-24843 melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside ... | 8.2 | HIGH | — | 0 |
| CVE-2026-23897 Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 t... | 7.5 | HIGH | — | 0 |
| CVE-2025-71031 Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of serv... | 7.5 | HIGH | — | 0 |
| CVE-2025-68699 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malfor... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25140 apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could c... | 7.5 | HIGH | — | 0 |
| CVE-2026-25122 apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-25121 apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstr... | 7.5 | HIGH | — | 0 |
| CVE-2026-0536 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code... | 7.8 | HIGH | — | 0 |
| CVE-2026-25532 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implement... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-25508 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Writ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-25507 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transpor... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-25139 RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-o... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-23624 GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can stea... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22247 GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-22044 GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21893 n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The ... | 7.2 | HIGH | — | 0 |
| CVE-2025-69215 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publica... | 8.8 | HIGH | — | 0 |
| CVE-2025-69213 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when han... | 8.8 | HIGH | — | 0 |
| CVE-2025-64712 The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path trav... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25115 n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execut... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25056 n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or mod... | 8.8 | HIGH | — | 0 |
| CVE-2026-25055 n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating ... | 8.1 | HIGH | — | 0 |
| CVE-2026-25054 n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, i... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25053 n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to e... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25052 n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify wor... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25051 n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpo... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25049 n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflo... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-23110 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-23109 In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23108 In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23107 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the tas... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23106 In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23105 In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23104 In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature s... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23103 In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23102 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few way... | 7.1 | HIGH | — | 0 |
| CVE-2026-23101 In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_ini... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-23100 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One fu... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23099 In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: K... | 7.1 | HIGH | — | 0 |
| CVE-2026-23098 In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 p... | 7.8 | HIGH | — | 0 |
| CVE-2026-23097 In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Hold... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23096 In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdev_device_add fails, it internally releases the cdev memory, and if cdev_devic... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23095 In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its i... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23094 In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolate_err_thr... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23093 In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23092 In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source When simple_write_to_buffer() succeeds, it returns th... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.