CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-11679 Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocat... | N/A | NONE | — | 0 |
| CVE-2025-11680 Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated b... | N/A | NONE | — | 0 |
| CVE-2025-40006 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will u... | N/A | NONE | — | 0 |
| CVE-2025-40007 In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 ("netfs: Fix the request's work item to not require a ref") modified netfs_alloc_req... | N/A | NONE | — | 0 |
| CVE-2025-40008 In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224_kunit on a KMSAN-enabled kernel results in a crash in kmsan_intern... | N/A | NONE | — | 0 |
| CVE-2025-40009 In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_r... | N/A | NONE | — | 0 |
| CVE-2025-40010 In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, wh... | N/A | NONE | — | 0 |
| CVE-2025-60932 Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-40011 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the dri... | N/A | NONE | — | 0 |
| CVE-2025-40012 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which ... | N/A | NONE | — | 0 |
| CVE-2025-40013 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget... | N/A | NONE | — | 0 |
| CVE-2025-40015 In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assign... | N/A | NONE | — | 0 |
| CVE-2025-40017 In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal buffer which is allocated only once per session was ... | N/A | NONE | — | 0 |
| CVE-2025-60856 Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitra... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-6515 The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to ... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-3465 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10. This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: t... | 7.1 | HIGH | — | 0 |
| CVE-2025-62693 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS. This issue af... | N/A | NONE | — | 0 |
| CVE-2025-62698 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS. This issue affects ... | N/A | NONE | — | 0 |
| CVE-2025-62700 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS. This... | N/A | NONE | — | 0 |
| CVE-2025-5517 Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno C... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-61488 An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter | 7.6 | HIGH | — | 0 |
| CVE-2025-62522 Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to befo... | N/A | NONE | — | 0 |
| CVE-2025-62697 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injectio... | N/A | NONE | — | 0 |
| CVE-2025-30257 Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61301 Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysi... | 7.5 | HIGH | — | 0 |
| CVE-2025-61303 Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sampl... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62656 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue af... | N/A | NONE | — | 0 |
| CVE-2025-62657 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects... | N/A | NONE | — | 0 |
| CVE-2025-62658 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affect... | N/A | NONE | — | 0 |
| CVE-2025-11536 The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template acti... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-62677 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62678 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62679 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62680 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62681 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62682 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62683 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62684 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62695 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS. This issue affe... | N/A | NONE | — | 0 |
| CVE-2025-62696 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection. This... | N/A | NONE | — | 0 |
| CVE-2025-60933 Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML v... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-62699 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to mak... | N/A | NONE | — | 0 |
| CVE-2025-62694 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS. This issue affect... | N/A | NONE | — | 0 |
| CVE-2025-62701 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS. This issue affects Media... | N/A | NONE | — | 0 |
| CVE-2025-62702 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS. This issue affe... | N/A | NONE | — | 0 |
| CVE-2025-10916 The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary ... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-11949 EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specifi... | 7.5 | HIGH | — | 0 |
| CVE-2025-12004 Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affe... | N/A | NONE | — | 0 |
| CVE-2025-10612 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Gui... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-11151 Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Tr... | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.