Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-24539 Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección d... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24538 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue af... | 7.5 | HIGH | — | 0 |
| CVE-2026-24536 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24535 Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24534 Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <=... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24532 Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This i... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24531 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affect... | 7.5 | HIGH | — | 0 |
| CVE-2026-24530 Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a th... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24529 Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24528 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a t... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24526 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options a... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24525 Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24524 Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.8. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24523 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affe... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24522 Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through <... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24521 Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0994 A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any message... | 7.5 | HIGH | — | 0 |
| CVE-2025-71157 In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RD... | 7.8 | HIGH | — | 0 |
| CVE-2025-71156 In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. Th... | 7.8 | HIGH | — | 0 |
| CVE-2025-71155 In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory ... | 7.8 | HIGH | — | 0 |
| CVE-2025-71154 In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocate... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71153 In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately wit... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71152 In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference han... | 7.8 | HIGH | — | 0 |
| CVE-2025-71151 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71150 In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71149 In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions c... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71148 In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when sub... | 3.3 | LOW | — | 0 |
| CVE-2025-71147 In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71146 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skippi... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69907 An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can... | 7.5 | HIGH | — | 0 |
| CVE-2025-71145 In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced... | 7.8 | HIGH | — | 0 |
| CVE-2025-13921 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the '... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0914 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficie... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-4320 Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass,... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-4319 Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute ... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-14866 The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary... | 8.8 | HIGH | — | 0 |
| CVE-2025-2204 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-22276 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local ac... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22275 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-22274 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenti... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22273 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access... | 8.8 | HIGH | — | 0 |
| CVE-2025-46699 Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with rem... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22271 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with r... | 7.5 | HIGH | — | 0 |
| CVE-2026-1364 IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1363 IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web fro... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24515 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | 2.9 | LOW | — | 0 |
| CVE-2026-0603 A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in... | 8.3 | HIGH | — | 0 |
| CVE-2024-11976 The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action tha... | 7.3 | HIGH | — | 0 |
| CVE-2026-0927 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all ve... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14745 The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all vers... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.