Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-24798 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with pr... | N/A | NONE | — | 0 |
| CVE-2026-24797 Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is associated with program files tjbench.C. This issue affects cupoch. | N/A | NONE | — | 0 |
| CVE-2026-24796 Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. ... | N/A | NONE | — | 0 |
| CVE-2026-24795 Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regcomp.C. ... | N/A | NONE | — | 0 |
| CVE-2026-24794 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is assoc... | N/A | NONE | — | 0 |
| CVE-2026-24793 Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with pr... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24344 Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution | N/A | NONE | — | 0 |
| CVE-2026-21721 The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard ... | 8.1 | HIGH | — | 0 |
| CVE-2026-21720 Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops li... | 7.5 | HIGH | — | 0 |
| CVE-2026-1465 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associ... | N/A | NONE | — | 0 |
| CVE-2026-1464 Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compress/archivers/tar modules). This vulnerability is associated with program files TarU... | N/A | NONE | — | 0 |
| CVE-2025-14971 The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-21408 beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed wit... | N/A | NONE | — | 0 |
| CVE-2026-1361 ASDA-Soft Stack-based Buffer Overflow Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2026-24686 go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the loc... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-24490 MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute a... | 8.1 | HIGH | — | 0 |
| CVE-2026-24489 Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (C... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24486 Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_F... | 8.6 | HIGH | — | 0 |
| CVE-2026-24480 QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83e... | N/A | NONE | — | 0 |
| CVE-2026-24479 HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to pr... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23683 SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiali... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24478 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the Drup... | 7.2 | HIGH | — | 0 |
| CVE-2026-24477 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the ve... | 7.5 | HIGH | — | 0 |
| CVE-2026-1449 A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a m... | 7.3 | HIGH | — | 0 |
| CVE-2026-1448 A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation o... | 7.2 | HIGH | — | 0 |
| CVE-2026-24476 Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24470 Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service o... | 8.1 | HIGH | — | 0 |
| CVE-2026-24408 sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `... | 0.0 | NONE | — | 0 |
| CVE-2026-24400 AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in `org... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-24123 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attac... | 7.4 | HIGH | — | 0 |
| CVE-2025-30248 DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's searc... | N/A | NONE | — | 0 |
| CVE-2026-24131 pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malic... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24056 pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24003 EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transitio... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23890 pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23889 pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23888 pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vul... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22709 vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22696 dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verifica... | N/A | NONE | — | 0 |
| CVE-2026-1445 A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php.... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1444 A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such ma... | 2.4 | LOW | — | 0 |
| CVE-2025-59473 SQL Injection vulnerability in the Structure for Admin authenticated user | 7.2 | HIGH | — | 0 |
| CVE-2025-59472 A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with th... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-59471 A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads exter... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-23864 Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulne... | 7.5 | HIGH | — | 0 |
| CVE-2026-1443 A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument... | 7.3 | HIGH | — | 0 |
| CVE-2026-1190 A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` times... | 3.1 | LOW | — | 0 |
| CVE-2026-0810 A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `Ti... | 7.1 | HIGH | — | 0 |
| CVE-2025-9820 A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the fun... | 4.0 | MEDIUM | — | 0 |
| CVE-2025-9615 A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.