Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-31817 OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used fo... | 8.5 | HIGH | — | 0 |
| CVE-2026-31829 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests... | 7.1 | HIGH | — | 0 |
| CVE-2026-31819 Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction(), ImpersonateUserController::impersonateAction() and StorageBasedLocaleSwitcher::handle() use the HTTP ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-31820 Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference (IDOR) vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs a... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-31821 Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/{tokenValue}/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other reg... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-31822 Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-5579 A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parame... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-31823 Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsa... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-31824 Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability... | 8.2 | HIGH | — | 0 |
| CVE-2026-31825 Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctri... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-31826 pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stre... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31827 Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new ... | N/A | NONE | — | 0 |
| CVE-2026-31828 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP inject... | 8.8 | HIGH | — | 0 |
| CVE-2026-31832 Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign doma... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-31833 Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-31834 Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users wi... | 7.2 | HIGH | — | 0 |
| CVE-2026-31837 Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, ex... | 7.5 | HIGH | — | 0 |
| CVE-2026-31838 Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-20005 Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high com... | N/A | NONE | — | 0 |
| CVE-2025-20028 Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combine... | N/A | NONE | — | 0 |
| CVE-2025-20064 Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a ... | N/A | NONE | — | 0 |
| CVE-2025-20068 Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with ... | N/A | NONE | — | 0 |
| CVE-2025-20073 Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined wit... | N/A | NONE | — | 0 |
| CVE-2025-20096 Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity... | N/A | NONE | — | 0 |
| CVE-2025-20105 Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a l... | N/A | NONE | — | 0 |
| CVE-2025-22444 Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with... | N/A | NONE | — | 0 |
| CVE-2025-22850 Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined ... | N/A | NONE | — | 0 |
| CVE-2026-21333 Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitati... | 8.6 | HIGH | — | 0 |
| CVE-2026-21362 Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi... | 7.8 | HIGH | — | 0 |
| CVE-2026-27267 Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation... | 7.8 | HIGH | — | 0 |
| CVE-2026-27268 Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27270 Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27271 Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation ... | 7.8 | HIGH | — | 0 |
| CVE-2025-15515 The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage | N/A | NONE | — | 0 |
| CVE-2026-27272 Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi... | 7.8 | HIGH | — | 0 |
| CVE-2026-2569 The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-27223 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27224 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27225 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27226 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27228 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27229 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27230 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27231 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27232 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-21289 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b... | 7.5 | HIGH | — | 0 |
| CVE-2026-27233 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27234 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27235 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.