Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-41179 Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67482 Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This iss... | N/A | NONE | — | 0 |
| CVE-2018-25247 MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craf... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-34257 Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the pag... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-34261 Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | 5.0 | MEDIUM | — | 0 |
| CVE-2026-34264 During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-34984 External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33414 Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the ... | 7.8 | HIGH | — | 0 |
| CVE-2026-34454 OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in... | 3.5 | LOW | — | 0 |
| CVE-2026-35031 Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field i... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-30615 A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious ins... | 8.0 | HIGH | — | 0 |
| CVE-2026-5387 The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privil... | N/A | NONE | — | 0 |
| CVE-2026-20152 A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requireme... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20161 A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected devic... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-30996 An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET reques... | 7.5 | HIGH | — | 0 |
| CVE-2026-32631 Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricki... | 7.4 | HIGH | — | 0 |
| CVE-2026-5758 JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33667 OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting, ... | 7.4 | HIGH | — | 0 |
| CVE-2026-34242 Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has bee... | 7.7 | HIGH | — | 0 |
| CVE-2026-34632 Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged lo... | 8.2 | HIGH | — | 0 |
| CVE-2026-6299 Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | HIGH | — | 0 |
| CVE-2026-6306 Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2025-67979 Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sh... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-67984 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a thro... | 7.1 | HIGH | — | 0 |
| CVE-2025-67988 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | — | 0 |
| CVE-2025-67990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: f... | 7.1 | HIGH | — | 0 |
| CVE-2025-67993 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67998 Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a ... | 8.8 | HIGH | — | 0 |
| CVE-2025-68002 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2025-69407 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2025-69410 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | — | 0 |
| CVE-2026-33779 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to c... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22361 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-... | 8.1 | HIGH | — | 0 |
| CVE-2025-68042 Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a thro... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68501 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This i... | 7.1 | HIGH | — | 0 |
| CVE-2026-22363 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rh... | 8.1 | HIGH | — | 0 |
| CVE-2026-22364 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | — | 0 |
| CVE-2025-68531 Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons f... | 8.8 | HIGH | — | 0 |
| CVE-2025-68541 Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-68549 Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1. | 9.9 | CRITICAL | — | 0 |
| CVE-2026-22367 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue aff... | 8.1 | HIGH | — | 0 |
| CVE-2026-22370 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2026-22373 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects F... | 8.1 | HIGH | — | 0 |
| CVE-2026-22376 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | — | 0 |
| CVE-2026-22379 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects N... | 8.1 | HIGH | — | 0 |
| CVE-2026-24956 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issu... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-24959 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk:... | 8.5 | HIGH | — | 0 |
| CVE-2025-68842 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.