Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-30266 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (Do... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-56808 A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerabi... | 7.8 | HIGH | — | 0 |
| CVE-2024-56807 An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We ha... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-1458 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenti... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1456 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1387 GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1282 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malici... | 3.5 | LOW | — | 0 |
| CVE-2026-1094 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. | 4.6 | MEDIUM | — | 0 |
| CVE-2026-1080 GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticate... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0958 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denia... | 7.5 | HIGH | — | 0 |
| CVE-2026-0595 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 7.3 | HIGH | — | 0 |
| CVE-2025-8099 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthen... | 7.5 | HIGH | — | 0 |
| CVE-2025-7659 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal token... | 8.0 | HIGH | — | 0 |
| CVE-2025-14594 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenti... | 3.5 | LOW | — | 0 |
| CVE-2025-14592 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 3.7 | LOW | — | 0 |
| CVE-2025-14560 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authentic... | 7.3 | HIGH | — | 0 |
| CVE-2025-12575 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticate... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-12073 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenti... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10174 Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025. | 8.3 | HIGH | — | 0 |
| CVE-2026-2295 The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' func... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15096 The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly va... | 8.8 | HIGH | — | 0 |
| CVE-2026-1885 The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to in... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1853 The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1833 The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a u... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1827 The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1826 The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order_qrcode shortcode in all versions up to, and in... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1821 The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in all versions up to, and including, 0.9.29 due to insuffi... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1809 The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1804 The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1786 The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1748 The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1560 The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. ... | 8.8 | HIGH | — | 0 |
| CVE-2026-1215 The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configur... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0815 The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0724 The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sa... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-9986 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through ... | 8.2 | HIGH | — | 0 |
| CVE-2025-15440 The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanit... | 7.2 | HIGH | — | 0 |
| CVE-2025-13651 Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. | 7.5 | HIGH | — | 0 |
| CVE-2025-13650 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could in... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-13649 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-13648 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injec... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-10913 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS... | 8.3 | HIGH | — | 0 |
| CVE-2025-10912 Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.This issue affects TemizlikYo... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1357 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1235 The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15400 The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. T... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26079 Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-26044 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26043 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26042 Rejected reason: Not used | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.