Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-26041 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26040 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26039 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26038 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26037 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26036 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-1893 The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1231 The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `js` Global Settings parameter in all versions up to, and incl... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15524 The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and includi... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14541 The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PH... | 7.2 | HIGH | — | 0 |
| CVE-2025-13431 The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supp... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1571 User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25872 JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path inp... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25870 DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs serve... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-25251 Rejected reason: This has been moved to the REJECTED state because the information source is under review. If circumstances change, it is possible that this will be moved to the PUBLISHED state at a l... | N/A | NONE | — | 0 |
| CVE-2026-26013 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation w... | 3.7 | LOW | — | 0 |
| CVE-2026-26007 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), Ellip... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26006 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expr... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1507 The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service. | 7.5 | HIGH | — | 0 |
| CVE-2026-1495 The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12699 The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS whe... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-2303 The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incor... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21349 Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this ... | 7.8 | HIGH | — | 0 |
| CVE-2026-21348 Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sens... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-1763 Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions. | 4.6 | MEDIUM | — | 0 |
| CVE-2026-1762 A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. | 2.9 | LOW | — | 0 |
| CVE-2025-54514 Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. | N/A | NONE | — | 0 |
| CVE-2025-52536 Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. | N/A | NONE | — | 0 |
| CVE-2025-52534 Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. | N/A | NONE | — | 0 |
| CVE-2025-48517 Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potenti... | N/A | NONE | — | 0 |
| CVE-2025-48515 Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code exe... | N/A | NONE | — | 0 |
| CVE-2025-48514 Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality. | N/A | NONE | — | 0 |
| CVE-2025-48509 Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory ... | N/A | NONE | — | 0 |
| CVE-2025-29952 Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memor... | N/A | NONE | — | 0 |
| CVE-2025-29951 A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2025-29950 Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2025-29949 Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially result... | N/A | NONE | — | 0 |
| CVE-2025-29948 Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory inte... | N/A | NONE | — | 0 |
| CVE-2025-29946 Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory. | N/A | NONE | — | 0 |
| CVE-2025-29939 Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially ... | N/A | NONE | — | 0 |
| CVE-2025-0031 A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent potentially resulting i... | N/A | NONE | — | 0 |
| CVE-2025-0029 Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory i... | N/A | NONE | — | 0 |
| CVE-2025-0012 Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in ... | N/A | NONE | — | 0 |
| CVE-2024-36355 Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execu... | N/A | NONE | — | 0 |
| CVE-2024-36311 A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentiall... | N/A | NONE | — | 0 |
| CVE-2024-36310 Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or inte... | N/A | NONE | — | 0 |
| CVE-2024-21953 Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. | N/A | NONE | — | 0 |
| CVE-2021-26410 Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the k... | N/A | NONE | — | 0 |
| CVE-2021-26381 Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory c... | N/A | NONE | — | 0 |
| CVE-2026-2302 Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.