Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-27012 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allo... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25146 OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret val... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-24898 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoin... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-24848 OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated ... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-24415 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modifica... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21866 Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1775 The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially craft... | N/A | NONE | — | 0 |
| CVE-2026-3486 A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no lead... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3485 A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25906 Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit ... | 7.3 | HIGH | — | 0 |
| CVE-2026-24502 Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vu... | 8.8 | HIGH | — | 0 |
| CVE-2026-1713 IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD | 5.0 | MEDIUM | — | 0 |
| CVE-2026-1567 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from... | 7.1 | HIGH | — | 0 |
| CVE-2025-70240 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70239 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70234 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14480 IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | 5.1 | MEDIUM | — | 0 |
| CVE-2025-14456 IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 | 5.9 | MEDIUM | — | 0 |
| CVE-2025-13688 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-13687 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-13686 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-3494 In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated databa... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3484 A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2915 HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | 7.1 | HIGH | — | 0 |
| CVE-2026-2606 IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-29022 dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory cor... | 7.3 | HIGH | — | 0 |
| CVE-2026-26892 Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php. | 7.2 | HIGH | — | 0 |
| CVE-2026-26891 Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | 2.7 | LOW | — | 0 |
| CVE-2026-26889 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. | 2.7 | LOW | — | 0 |
| CVE-2026-26888 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. | 2.7 | LOW | — | 0 |
| CVE-2026-26887 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. | 2.7 | LOW | — | 0 |
| CVE-2026-1265 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0869 Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASC... | 8.8 | HIGH | — | 0 |
| CVE-2025-70241 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70237 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70236 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66945 A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended direc... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-36364 IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-36363 IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-14923 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-14604 IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-13734 IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-13616 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-13490 IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-55027 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | 7.5 | HIGH | — | 0 |
| CVE-2024-55026 An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55025 Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-55024 An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55023 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-55022 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.