Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-59710 An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craf... | N/A | NONE | — | 0 |
| CVE-2025-59709 An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or c... | N/A | NONE | — | 0 |
| CVE-2026-5468 A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross... | 3.5 | LOW | — | 0 |
| CVE-2026-28736 ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the conte... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25773 ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicio... | 8.1 | HIGH | — | 0 |
| CVE-2026-23426 In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_chi... | N/A | NONE | — | 0 |
| CVE-2026-23425 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate in... | N/A | NONE | — | 0 |
| CVE-2026-23424 In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload ... | N/A | NONE | — | 0 |
| CVE-2026-23423 In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it is... | N/A | NONE | — | 0 |
| CVE-2026-23422 In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check fo... | N/A | NONE | — | 0 |
| CVE-2026-23421 In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_... | N/A | NONE | — | 0 |
| CVE-2026-23420 In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thre... | N/A | NONE | — | 0 |
| CVE-2026-23419 In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_... | N/A | NONE | — | 0 |
| CVE-2026-23418 In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure Free the newly allocated entry when xa_store() fails to avoid a memory leak on the err... | N/A | NONE | — | 0 |
| CVE-2026-27655 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | 7.3 | HIGH | — | 0 |
| CVE-2026-5467 A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4108 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | 7.3 | HIGH | — | 0 |
| CVE-2026-4107 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | 7.3 | HIGH | — | 0 |
| CVE-2026-3880 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | 7.3 | HIGH | — | 0 |
| CVE-2026-3879 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | 7.3 | HIGH | — | 0 |
| CVE-2026-28703 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | 7.3 | HIGH | — | 0 |
| CVE-2026-28756 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | 7.3 | HIGH | — | 0 |
| CVE-2026-28754 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | 7.3 | HIGH | — | 0 |
| CVE-2026-5462 A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.... | 3.3 | LOW | — | 0 |
| CVE-2026-4350 The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method proce... | 8.1 | HIGH | — | 0 |
| CVE-2025-7024 Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a us... | 7.3 | HIGH | — | 0 |
| CVE-2026-5458 A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.... | 3.3 | LOW | — | 0 |
| CVE-2026-5457 A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of t... | 3.3 | LOW | — | 0 |
| CVE-2026-5456 A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the compo... | 3.3 | LOW | — | 0 |
| CVE-2026-5455 A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing ... | 3.3 | LOW | — | 0 |
| CVE-2026-5463 Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks... | 8.6 | HIGH | — | 0 |
| CVE-2026-5454 A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulati... | 3.3 | LOW | — | 0 |
| CVE-2026-5453 A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.j... | 3.3 | LOW | — | 0 |
| CVE-2026-35549 An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user ac... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-35545 An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure o... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35544 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35543 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead t... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35542 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35541 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing t... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-35540 An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if st... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-35539 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-35538 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. | 3.1 | LOW | — | 0 |
| CVE-2026-5452 A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This mani... | 3.3 | LOW | — | 0 |
| CVE-2026-35537 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attac... | 3.7 | LOW | — | 0 |
| CVE-2026-35536 In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. | 7.2 | HIGH | — | 0 |
| CVE-2026-35535 In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. | 7.4 | HIGH | — | 0 |
| CVE-2026-28815 A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime p... | 7.5 | HIGH | — | 0 |
| CVE-2026-35508 Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, | 5.4 | MEDIUM | — | 0 |
| CVE-2026-35507 Shynet before 0.14.0 allows Host header injection in the password reset flow. | 6.4 | MEDIUM | — | 0 |
| CVE-2026-33107 Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.