Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-25763 OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint (/p... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25764 OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The appl... | 3.5 | LOW | — | 0 |
| CVE-2026-2068 A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflo... | 8.8 | HIGH | — | 0 |
| CVE-2023-6763 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-25793 Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created... | 8.1 | HIGH | — | 0 |
| CVE-2026-2070 A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to bu... | 8.8 | HIGH | — | 0 |
| CVE-2020-37079 Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attacke... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37106 Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37107 Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20... | 7.5 | HIGH | — | 0 |
| CVE-2020-37146 ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's co... | 7.5 | HIGH | — | 0 |
| CVE-2020-37147 ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit... | 7.1 | HIGH | — | 0 |
| CVE-2020-37154 eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l... | 7.1 | HIGH | — | 0 |
| CVE-2020-37155 Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte p... | 7.5 | HIGH | — | 0 |
| CVE-2020-37157 DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. A... | 7.5 | HIGH | — | 0 |
| CVE-2020-37159 Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37160 SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing ex... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37163 QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject U... | 8.2 | HIGH | — | 0 |
| CVE-2026-2071 A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in b... | 8.8 | HIGH | — | 0 |
| CVE-2025-31990 Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overw... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-25837 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25838 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25839 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25840 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25841 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25842 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25843 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25844 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25845 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12159 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1570 The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12803 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13463 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15267 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15491 The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as wi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24789 An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15476 The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15477 The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1082 The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1573 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1608 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1611 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1613 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1634 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1643 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes i... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2080 A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injectio... | 7.2 | HIGH | — | 0 |
| CVE-2026-25859 Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations. | 8.8 | HIGH | — | 0 |
| CVE-2026-2084 A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os comma... | 7.2 | HIGH | — | 0 |
| CVE-2026-2085 A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulati... | 7.2 | HIGH | — | 0 |
| CVE-2026-25560 WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.