Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-23005 In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when upda... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23004 In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flus... | 7.8 | HIGH | — | 0 |
| CVE-2026-23003 In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by sy... | 7.5 | HIGH | — | 0 |
| CVE-2026-23002 In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23001 In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan... | 7.8 | HIGH | — | 0 |
| CVE-2026-23000 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22999 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should... | 7.8 | HIGH | — | 0 |
| CVE-2026-22998 In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host... | 7.5 | HIGH | — | 0 |
| CVE-2026-22997 In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivat... | 7.5 | HIGH | — | 0 |
| CVE-2026-22996 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile a... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71163 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71162 In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, ... | 7.8 | HIGH | — | 0 |
| CVE-2020-36937 Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2020-36936 Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elev... | 7.8 | HIGH | — | 0 |
| CVE-2020-36935 KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquo... | 7.8 | HIGH | — | 0 |
| CVE-2020-36934 Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers c... | 7.8 | HIGH | — | 0 |
| CVE-2020-36933 HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with e... | 7.8 | HIGH | — | 0 |
| CVE-2020-36932 SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' b... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-36931 Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat nam... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1406 A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of ... | 3.5 | LOW | — | 0 |
| CVE-2025-6461 The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0593 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all vers... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0862 The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0911 The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function ... | 7.5 | HIGH | — | 0 |
| CVE-2025-13920 The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1302 The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and out... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1300 The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sani... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1266 The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output esca... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1208 The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1191 The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitizatio... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1189 The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_id' parameter of the 'leadbi_form' shortcode in all versions up to, and including, 1.7 d... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1127 The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient input sanitization ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1098 The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0800 The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including,... | 7.2 | HIGH | — | 0 |
| CVE-2026-0687 The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb_gallery' custom post type in all versions up to, and inclu... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0633 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due ... | 3.7 | LOW | — | 0 |
| CVE-2025-15516 The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14907 The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the msp_admin_page(... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14630 The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSetting... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-13205 The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-13194 The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-13139 The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation o... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1257 The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is d... | 7.5 | HIGH | — | 0 |
| CVE-2026-1103 The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1099 The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to ins... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1097 The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1095 The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1088 The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion_loginform_proc... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1084 The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input s... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1081 The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category up... | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.