Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-5961 A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument pos... | 7.3 | HIGH | — | 0 |
| CVE-2026-5971 A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Exec... | 7.3 | HIGH | — | 0 |
| CVE-2026-7013 A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subjec... | 2.4 | LOW | — | 0 |
| CVE-2026-7014 A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site script... | 2.4 | LOW | — | 0 |
| CVE-2026-7015 A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email... | 2.4 | LOW | — | 0 |
| CVE-2026-7018 A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/c... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-7129 A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argumen... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-7179 A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the compo... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-7196 A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injecti... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7205 A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument... | 7.3 | HIGH | — | 0 |
| CVE-2026-7211 A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation... | 7.3 | HIGH | — | 0 |
| CVE-2026-7214 A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2026-7215 A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2026-7216 A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the componen... | 7.3 | HIGH | — | 0 |
| CVE-2026-26120 Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32169 Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | — | 0 |
| CVE-2026-33393 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `allowed_spam_host_domains` check used `String#end_with?` without domain boundary vali... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33394 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report (/admin/reports/post_edits) leaked the first 40 characters of ... | 2.7 | LOW | — | 0 |
| CVE-2026-40282 WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the ... | N/A | NONE | — | 0 |
| CVE-2026-30404 The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe ... | 7.5 | HIGH | — | 0 |
| CVE-2026-4426 A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge exten... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32865 OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an e... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32866 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in thei... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-4427 Rejected reason: Duplicate of CVE-2026-32286 | N/A | NONE | — | 0 |
| CVE-2026-22746 Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoA... | 3.7 | LOW | — | 0 |
| CVE-2026-22747 Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the userna... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-21732 A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, whe... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-25192 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can con... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-31926 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32663 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predic... | 7.3 | HIGH | — | 0 |
| CVE-2026-3546 The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is register... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3554 The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1. This is due to in... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-3570 The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configurat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3617 The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-3619 The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the [sheets2table-render-table] shortcode in all versions up to and including... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4127 The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_spee... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4143 The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncff_add_pl... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4161 The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitizatio... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-4261 The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_r... | 8.8 | HIGH | — | 0 |
| CVE-2026-4373 The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method... | 7.5 | HIGH | — | 0 |
| CVE-2026-3427 The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4314 The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileReque... | 8.8 | HIGH | — | 0 |
| CVE-2026-4557 A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in cr... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2580 The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up t... | 7.5 | HIGH | — | 0 |
| CVE-2025-10736 The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authoriz... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-4585 A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4587 A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curl... | 3.7 | LOW | — | 0 |
| CVE-2026-4283 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accept... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-23378 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old... | 7.8 | HIGH | — | 0 |
| CVE-2026-23379 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by a... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.