Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-67438 A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-60183 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesof... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-60087 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addo... | 8.1 | HIGH | — | 0 |
| CVE-2025-53237 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: fr... | 7.1 | HIGH | — | 0 |
| CVE-2025-53233 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RylanH Storyform storyform allows Reflected XSS.This issue affects Storyform: from n/a through <= ... | 7.1 | HIGH | — | 0 |
| CVE-2025-53231 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Ta... | 7.1 | HIGH | — | 0 |
| CVE-2025-53228 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue a... | 7.1 | HIGH | — | 0 |
| CVE-2025-53217 Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/... | 7.6 | HIGH | — | 0 |
| CVE-2025-52744 Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a throu... | 7.7 | HIGH | — | 0 |
| CVE-2025-52603 HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is... | 3.5 | LOW | — | 0 |
| CVE-2024-56208 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-54222 Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-52387 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-51915 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSp... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Websi... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50452 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexte... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43228 Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34438 Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-21627 The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could b... | N/A | NONE | — | 0 |
| CVE-2025-14547 An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing ... | N/A | NONE | — | 0 |
| CVE-2025-14055 An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. | N/A | NONE | — | 0 |
| CVE-2026-2486 The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-10970 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 200... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-21620 Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules... | N/A | NONE | — | 0 |
| CVE-2026-26050 The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arb... | N/A | NONE | — | 0 |
| CVE-2026-26370 WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web brows... | N/A | NONE | — | 0 |
| CVE-2025-59819 This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2825 A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross sit... | 3.5 | LOW | — | 0 |
| CVE-2026-2824 A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulation... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2823 A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component webmggnt. Perfo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2822 A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, han... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27325 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27324 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27323 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27322 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27321 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27320 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27319 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27318 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27317 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-2821 A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2026-2384 The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-27017 uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Ch... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26996 minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a ... | 7.5 | HIGH | — | 0 |
| CVE-2026-26995 Rejected reason: Further research determined the issue is an external dependency vulnerability. | N/A | NONE | — | 0 |
| CVE-2026-26994 uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 dow... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26993 Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitizat... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-26992 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform St... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-26991 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform ... | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.