Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-52334 A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the ori... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-11242 Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: th... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1722 The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the pl... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2099 AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2098 AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2097 Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution... | 8.8 | HIGH | — | 0 |
| CVE-2026-2096 Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2095 Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2094 Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 8.8 | HIGH | — | 0 |
| CVE-2026-2093 Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | 7.5 | HIGH | — | 0 |
| CVE-2025-12063 An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | 5.7 | MEDIUM | — | 0 |
| CVE-2026-0996 The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authoriza... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13064 A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a... | 4.5 | MEDIUM | — | 0 |
| CVE-2025-12757 An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | 4.6 | MEDIUM | — | 0 |
| CVE-2025-11547 AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | 7.8 | HIGH | — | 0 |
| CVE-2025-11142 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or adm... | 7.1 | HIGH | — | 0 |
| CVE-2026-25981 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25980 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25979 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25978 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25977 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25976 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25975 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25974 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25973 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-2260 A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The a... | 7.2 | HIGH | — | 0 |
| CVE-2026-2259 A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsi... | 3.3 | LOW | — | 0 |
| CVE-2026-24328 SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposi... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24327 Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unau... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24326 Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct upda... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24325 SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScrip... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-24324 SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24323 The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24322 SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vul... | 7.7 | HIGH | — | 0 |
| CVE-2026-24321 SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be public... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24320 Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially craft... | 3.1 | LOW | — | 0 |
| CVE-2026-24319 In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations w... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-24312 An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensiti... | 5.2 | MEDIUM | — | 0 |
| CVE-2026-23689 Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function... | 7.7 | HIGH | — | 0 |
| CVE-2026-23688 SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidenti... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23687 SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier.... | 8.8 | HIGH | — | 0 |
| CVE-2026-23686 Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If proce... | 3.4 | LOW | — | 0 |
| CVE-2026-23685 Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processe... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-23684 A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value whic... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-23681 Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0509 SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cas... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-0508 The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim ma... | 7.3 | HIGH | — | 0 |
| CVE-2026-0505 The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0490 SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from ... | 7.5 | HIGH | — | 0 |
| CVE-2026-0488 An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the abi... | 9.9 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.