Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-28495 GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration fi... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-27825 MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` pa... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-26330 Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit c... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26311 Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) that allows for Zombie Str... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-26310 Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is ca... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-26309 Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination,... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26308 Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validate... | 7.5 | HIGH | — | 0 |
| CVE-2026-26123 Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23868 Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult bu... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-70251 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. | 7.5 | HIGH | — | 0 |
| CVE-2025-70249 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. | 7.5 | HIGH | — | 0 |
| CVE-2025-70247 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. | 7.5 | HIGH | — | 0 |
| CVE-2025-70246 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. | 7.5 | HIGH | — | 0 |
| CVE-2025-70242 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. | 7.5 | HIGH | — | 0 |
| CVE-2025-70227 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. | 7.5 | HIGH | — | 0 |
| CVE-2025-70129 If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-70128 A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supp... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-48611 In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. ... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-36227 IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-36226 IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-13219 IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, ref... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-3370 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-28292 `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27826 MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint ... | 8.2 | HIGH | — | 0 |
| CVE-2026-27281 DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27280 DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu... | 7.8 | HIGH | — | 0 |
| CVE-2026-27279 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27277 Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | — | 0 |
| CVE-2026-27276 Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | — | 0 |
| CVE-2026-27275 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27274 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27273 Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2026-27269 Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An a... | 7.8 | HIGH | — | 0 |
| CVE-2026-27219 Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27218 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27217 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27216 Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27215 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27214 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26801 Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix w... | 7.5 | HIGH | — | 0 |
| CVE-2026-26742 PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scena... | 8.1 | HIGH | — | 0 |
| CVE-2026-26741 PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing a... | 8.1 | HIGH | — | 0 |
| CVE-2026-21365 Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21364 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21363 Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-3862 Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | N/A | NONE | — | 0 |
| CVE-2026-3854 An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on th... | 8.8 | HIGH | — | 0 |
| CVE-2026-3847 Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... | 8.8 | HIGH | — | 0 |
| CVE-2026-3846 Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3845 Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.