CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-23570 A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23569 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak sta... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23568 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent n... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-23567 An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23566 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23565 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the Noma... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23564 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23563 Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-1188 In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between pro... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14975 The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their... | 8.1 | HIGH | — | 0 |
| CVE-2026-25067 SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-sup... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-55704 Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-53869 Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the prod... | 3.7 | LOW | — | 0 |
| CVE-2026-1552 A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The at... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1551 A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can l... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15344 Tanium addressed a SQL injection vulnerability in Asset. | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24897 Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient vali... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-1550 A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the compo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1549 A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1548 A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command inject... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24889 soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24888 Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24857 `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR ins... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1547 A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in comman... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1546 A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component c... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1545 A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1544 A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os com... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24856 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue ... | 7.8 | HIGH | — | 0 |
| CVE-2026-24835 Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to complet... | 7.1 | HIGH | — | 0 |
| CVE-2026-24769 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated u... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-24768 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of th... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24767 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unpro... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-24766 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/conne... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-24742 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24739 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not corr... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-23743 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1535 A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1534 A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sq... | 7.3 | HIGH | — | 0 |
| CVE-2026-1533 A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1532 A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of ... | 2.4 | LOW | — | 0 |
| CVE-2025-71007 An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | HIGH | — | 0 |
| CVE-2025-71006 A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71005 A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71004 A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71003 An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | HIGH | — | 0 |
| CVE-2026-21865 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71002 A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-69289 Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-69218 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admi... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68934 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) proce... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.