Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-24127 Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-0991 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-12780 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-70458 A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because t... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-70457 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file con... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1386 A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer dir... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-52026 An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashi... | 7.5 | HIGH | — | 0 |
| CVE-2025-52025 An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inser... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-52024 A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is pre... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-52023 A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets,... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-52022 A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snipp... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67264 An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via... | 7.8 | HIGH | — | 0 |
| CVE-2026-21867 Rejected reason: Reason: This candidate was issued in error. | N/A | NONE | — | 0 |
| CVE-2025-70986 Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. | 7.5 | HIGH | — | 0 |
| CVE-2025-70985 Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-70983 Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-14947 The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24423 SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the mal... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-1299 The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serializ... | N/A | NONE | — | 0 |
| CVE-2025-71177 LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or Ja... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-67231 A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-67230 Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validat... | 7.1 | HIGH | — | 0 |
| CVE-2025-67229 An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficien... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25369 An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47906 BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious j... | 6.4 | MEDIUM | — | 0 |
| CVE-2021-47905 MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-47904 PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted f... | 8.8 | HIGH | — | 0 |
| CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands thr... | 8.8 | HIGH | — | 0 |
| CVE-2021-47899 YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit ... | 4.0 | MEDIUM | — | 0 |
| CVE-2021-47898 Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious exec... | 7.8 | HIGH | — | 0 |
| CVE-2021-47897 PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when ... | 7.2 | HIGH | — | 0 |
| CVE-2021-47896 PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2021-47895 Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,... | 7.5 | HIGH | — | 0 |
| CVE-2021-47894 Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-chara... | 7.5 | HIGH | — | 0 |
| CVE-2021-47893 AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers ca... | 7.5 | HIGH | — | 0 |
| CVE-2021-47892 PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads tha... | 7.2 | HIGH | — | 0 |
| CVE-2021-47891 Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by conne... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47890 LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executable... | 7.8 | HIGH | — | 0 |
| CVE-2021-47889 Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit ... | 7.8 | HIGH | — | 0 |
| CVE-2021-47888 Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell... | 8.8 | HIGH | — | 0 |
| CVE-2021-47881 dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft ... | 8.4 | HIGH | — | 0 |
| CVE-2018-25132 MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script pa... | 6.1 | MEDIUM | — | 0 |
| CVE-2018-25116 MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when o... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22995 In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists between the async partition scan work and device tear... | 7.8 | HIGH | — | 0 |
| CVE-2026-22994 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unregister_netdevice: waiting for sit0 to become f... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22993 In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22992 In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated... | 7.5 | HIGH | — | 0 |
| CVE-2026-22991 In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its ca... | 7.5 | HIGH | — | 0 |
| CVE-2026-22990 In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the increment... | 7.5 | HIGH | — | 0 |
| CVE-2026-22989 In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlock_filesystem If we are trying to unlock the filesystem via an administrative interface ... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.