Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-32602 Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create multiple user accounts... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-31153 A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-31151 An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31150 Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-31067 A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-31066 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial o... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31065 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31063 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31062 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial ... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31061 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31060 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of S... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31059 A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31058 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to c... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-31053 A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple t... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-29047 GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is ... | 7.2 | HIGH | — | 0 |
| CVE-2026-26263 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in ... | 8.1 | HIGH | — | 0 |
| CVE-2026-26027 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 1... | 7.5 | HIGH | — | 0 |
| CVE-2026-26026 GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25932 GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.... | 7.2 | HIGH | — | 0 |
| CVE-2026-5660 A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5659 A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The m... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-30078 OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent wit... | 7.5 | HIGH | — | 0 |
| CVE-2026-3524 Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and de... | 8.8 | HIGH | — | 0 |
| CVE-2026-5650 A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5649 A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint.... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5648 A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2026-5647 A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argume... | 2.4 | LOW | — | 0 |
| CVE-2026-5646 A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/pa... | 7.3 | HIGH | — | 0 |
| CVE-2026-5645 A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a m... | 7.3 | HIGH | — | 0 |
| CVE-2026-5673 A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local atta... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-5644 A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.... | 2.4 | LOW | — | 0 |
| CVE-2026-5643 A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the... | 2.4 | LOW | — | 0 |
| CVE-2026-5642 A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTT... | 7.3 | HIGH | — | 0 |
| CVE-2026-5641 A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The man... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5640 A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. Th... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5639 A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5638 A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5637 A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manip... | 7.3 | HIGH | — | 0 |
| CVE-2026-37977 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occu... | 3.7 | LOW | — | 0 |
| CVE-2026-5636 A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5635 A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Param... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5634 A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The man... | 7.3 | HIGH | — | 0 |
| CVE-2026-5633 A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to... | 7.3 | HIGH | — | 0 |
| CVE-2026-31410 In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION Use sb->s_uuid for a proper volume identifier as the primary choice. For filesy... | N/A | NONE | — | 0 |
| CVE-2026-31409 In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BIN... | N/A | NONE | — | 0 |
| CVE-2026-31408 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_loc... | N/A | NONE | — | 0 |
| CVE-2026-31407 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. Thes... | N/A | NONE | — | 0 |
| CVE-2026-31406 In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_... | N/A | NONE | — | 0 |
| CVE-2026-31405 In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tab... | N/A | NONE | — | 0 |
| CVE-2026-5632 A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authenticati... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.