CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2002-0228 Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more whe... | N/A | NONE | — | 0 |
| CVE-2011-2530 Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a... | N/A | NONE | — | 0 |
| CVE-2026-33182 Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endp... | 7.5 | HIGH | — | 0 |
| CVE-2026-33183 Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without va... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-33628 Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing s... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33669 SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-33670 SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28786 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint al... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33757 OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` s... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-33758 OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with `callback_mode=dir... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30529 A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user inp... | 8.8 | HIGH | — | 0 |
| CVE-2026-27309 Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | — | 0 |
| CVE-2026-32973 OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32974 OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Una... | 8.6 | HIGH | — | 0 |
| CVE-2026-32975 OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create grou... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32978 OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain ... | 8.0 | HIGH | — | 0 |
| CVE-2026-32979 OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding ca... | 7.3 | HIGH | — | 0 |
| CVE-2026-33573 OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by... | 8.8 | HIGH | — | 0 |
| CVE-2026-5106 A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead ... | 2.4 | LOW | — | 0 |
| CVE-2026-34472 Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials ... | 7.1 | HIGH | — | 0 |
| CVE-2002-0229 Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL... | N/A | NONE | — | 0 |
| CVE-2002-0230 Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserte... | N/A | NONE | — | 0 |
| CVE-2002-0231 Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname. | N/A | NONE | — | 0 |
| CVE-2006-1629 OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | N/A | NONE | — | 0 |
| CVE-2021-41644 Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29650 Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29651 An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | HIGH | — | 0 |
| CVE-2022-34132 Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34133 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-34134 Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | 8.8 | HIGH | — | 0 |
| CVE-2022-36759 Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-0256 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the com... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-0257 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.p... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-0258 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handl... | 2.4 | LOW | — | 0 |
| CVE-2023-0332 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2020-29297 Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24191 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-24192 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-24194 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-24195 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-24197 Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-24646 An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24647 Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | 7.5 | HIGH | — | 0 |
| CVE-2023-27073 A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-1432 A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save... | 7.3 | HIGH | — | 0 |
| CVE-2023-30122 An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0247 A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2024-8604 A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3638 Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted A... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-33152 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthenticati... | 9.1 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.