CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2025-45471 | Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. | 8.8 | HIGH | — | 0 |
| CVE-2025-5079 | A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2025-45468 | Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. | 8.8 | HIGH | — | 0 |
| CVE-2025-43596 | An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary fi... | 7.8 | HIGH | — | 0 |
| CVE-2025-45472 | Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. | 8.8 | HIGH | — | 0 |
| CVE-2024-5962 | A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploi... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-4975 | When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. | N/A | NONE | — | 0 |
| CVE-2025-2394 | Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. | N/A | NONE | — | 0 |
| CVE-2025-5098 | PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-5099 | An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5100 | A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | 8.0 | HIGH | — | 0 |
| CVE-2025-5107 | A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argumen... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1792 | Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest us... | 3.1 | LOW | — | 0 |
| CVE-2025-5126 | A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5127 | A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site s... | 3.5 | LOW | — | 0 |
| CVE-2025-40664 | Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-40665 | Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40666 | Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmPreventivosList.as... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40667 | Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-5244 | A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-5245 | A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation le... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-23247 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitra... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-13966 | ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords (located un... | 7.3 | HIGH | — | 0 |
| CVE-2025-5279 | When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecu... | N/A | NONE | — | 0 |
| CVE-2025-48931 | The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort. | 3.2 | LOW | — | 0 |
| CVE-2024-47055 | Summary: This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper author... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-3913 | Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators with... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-5325 | A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the f... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5326 | A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5307 | Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected ins... | 7.8 | HIGH | — | 0 |
| CVE-2025-48381 | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able t... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-7097 | An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-2571 | Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to ... | 4.2 | MEDIUM | — | 0 |
| CVE-2025-3230 | Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to ma... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-13916 | An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed "com.android... | N/A | NONE | — | 0 |
| CVE-2025-48938 | go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterpr... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-1440 | An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A mali... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46710 | Possible kernel exceptions caused by reading and writing kernel heap data after free. | 5.7 | MEDIUM | — | 0 |
| CVE-2024-3509 | A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. T... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-7073 | A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate se... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-8008 | A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation reque... | 5.2 | MEDIUM | — | 0 |
| CVE-2025-5068 | Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | HIGH | — | 0 |
| CVE-2025-5511 | A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulat... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-5512 | A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administra... | 7.3 | HIGH | — | 0 |
| CVE-2025-30359 | webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a ma... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-5513 | A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The ... | 3.5 | LOW | — | 0 |
| CVE-2025-48953 | Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowa... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-5544 | A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/ja... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5569 | A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argumen... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-6118 | A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as critical. This issue affects some unknown processing of the file /vehicle/search of the component API. Th... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.