Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-52026 An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashi... | 7.5 | HIGH | — | 0 |
| CVE-2026-1386 A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer dir... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-70457 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file con... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70458 A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because t... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-12780 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-0991 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-24127 Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24128 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24136 Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows ... | 7.5 | HIGH | — | 0 |
| CVE-2026-24139 MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete applica... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24140 MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient in... | 2.7 | LOW | — | 0 |
| CVE-2026-24474 Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `i... | N/A | NONE | — | 0 |
| CVE-2026-22582 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22583 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulati... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22585 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Web... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22586 Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24399 ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <ifr... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-24402 Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](h... | N/A | NONE | — | 0 |
| CVE-2026-24403 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidat... | 7.1 | HIGH | — | 0 |
| CVE-2026-24404 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereferenc... | 7.1 | HIGH | — | 0 |
| CVE-2026-24405 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalcu... | 8.8 | HIGH | — | 0 |
| CVE-2026-24406 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamed... | 8.8 | HIGH | — | 0 |
| CVE-2026-24407 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs whe... | 7.1 | HIGH | — | 0 |
| CVE-2026-24401 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sendi... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24409 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | — | 0 |
| CVE-2026-24410 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | — | 0 |
| CVE-2025-14973 The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-24411 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXm... | 7.1 | HIGH | — | 0 |
| CVE-2026-24412 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXm... | 8.8 | HIGH | — | 0 |
| CVE-2026-24421 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissio... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-13952 A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platform... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24420 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissio... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24422 phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1284 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attac... | 7.8 | HIGH | — | 0 |
| CVE-2026-24469 C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. ... | 7.5 | HIGH | — | 0 |
| CVE-2026-24642 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24643 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24644 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24645 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24646 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24647 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24648 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24649 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12836 The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13374 The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up to, and including, 2.3.3. ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-13676 The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output esc... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-14609 The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-ana... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0633 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due ... | 3.7 | LOW | — | 0 |
| CVE-2025-14629 The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1157 A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffe... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.