Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-33081 IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. | 3.3 | LOW | — | 0 |
| CVE-2020-37087 Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and pat... | N/A | NONE | — | 0 |
| CVE-2020-37084 School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers ca... | 7.2 | HIGH | — | 0 |
| CVE-2026-25510 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25509 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementati... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25224 Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust... | 3.7 | LOW | — | 0 |
| CVE-2026-25223 Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Ty... | 7.5 | HIGH | — | 0 |
| CVE-2026-25155 Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-25151 Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote att... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-25150 Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The functio... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-25149 Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25148 Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote atta... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1811 A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename H... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1341 Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control. | N/A | NONE | — | 0 |
| CVE-2020-37097 Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37096 Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37094 EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization an... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37093 Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET req... | 7.5 | HIGH | — | 0 |
| CVE-2020-37092 Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37091 Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37090 School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attac... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37089 School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerab... | 8.2 | HIGH | — | 0 |
| CVE-2020-37088 School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access... | 7.5 | HIGH | — | 0 |
| CVE-2020-37086 Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploi... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37085 VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit... | 7.5 | HIGH | — | 0 |
| CVE-2020-37083 PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL... | 8.2 | HIGH | — | 0 |
| CVE-2020-37082 webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backu... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37081 Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can expl... | 7.1 | HIGH | — | 0 |
| CVE-2020-37080 webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulner... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37078 i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. At... | 8.8 | HIGH | — | 0 |
| CVE-2020-37077 Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploi... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-37076 Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability ... | 8.2 | HIGH | — | 0 |
| CVE-2020-37075 LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious paylo... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37074 Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malic... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37073 Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malici... | 8.8 | HIGH | — | 0 |
| CVE-2020-37072 Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript pa... | 7.2 | HIGH | — | 0 |
| CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37070 CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a spe... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37069 Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' char... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37068 Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' char... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37067 Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 by... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37066 GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially craft... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37065 StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a m... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25260 OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerabi... | 8.2 | HIGH | — | 0 |
| CVE-2026-24887 Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted comm... | 8.8 | HIGH | — | 0 |
| CVE-2026-24053 Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files ou... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24052 Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application u... | 7.4 | HIGH | — | 0 |
| CVE-2026-1862 Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-1861 Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.