Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-27686 Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-27685 SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentialit... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-27684 SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The applica... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-24317 SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a mali... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-24316 SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerab... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-24313 SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulner... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-24311 The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with u... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-24310 Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database ... | 3.5 | LOW | — | 0 |
| CVE-2026-24309 Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the databa... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1920 The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Cont... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1919 The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoin... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1508 The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0953 The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that t... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0489 Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon u... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-36173 Affected Product(s)Version(s)InfoSphere Data Architect9.2.1 | 6.1 | MEDIUM | — | 0 |
| CVE-2025-36105 IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-2399 Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of a... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-31802 node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink ta... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-30937 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encod... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-30936 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-30935 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect co... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-30931 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-30929 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a speci... | 7.7 | HIGH | — | 0 |
| CVE-2026-30926 SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleRea... | 7.1 | HIGH | — | 0 |
| CVE-2026-30883 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflo... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-28693 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds re... | 8.1 | HIGH | — | 0 |
| CVE-2026-28692 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesiz... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-28691 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in th... | 7.5 | HIGH | — | 0 |
| CVE-2026-28690 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder... | 6.9 | MEDIUM | — | 0 |
| CVE-2026-28689 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/u... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-28688 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, ... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28687 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decode... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28686 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode d... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-28494 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kern... | 7.1 | HIGH | — | 0 |
| CVE-2026-28493 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabili... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28433 Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' da... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-28432 Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerab... | 7.5 | HIGH | — | 0 |
| CVE-2026-28431 Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data ... | 7.5 | HIGH | — | 0 |
| CVE-2026-26982 Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1776 Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary fil... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3288 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary co... | 8.8 | HIGH | — | 0 |
| CVE-2026-31816 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpo... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-30240 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-25960 vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load_from_url_async method due to inconsistent... | 7.1 | HIGH | — | 0 |
| CVE-2026-25737 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions a... | 8.9 | HIGH | — | 0 |
| CVE-2026-25045 Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due t... | 8.8 | HIGH | — | 0 |
| CVE-2025-70973 ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentic... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-70028 An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 7.5 | HIGH | — | 0 |
| CVE-2025-15603 A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the ... | 3.7 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.