Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-4039 A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to co... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4040 A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure ... | 3.3 | LOW | — | 0 |
| CVE-2026-0809 Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encod... | N/A | NONE | — | 0 |
| CVE-2026-2513 A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended ac... | N/A | NONE | — | 0 |
| CVE-2026-2514 In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed b... | N/A | NONE | — | 0 |
| CVE-2026-2987 The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and outpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25674 CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requ... | 8.2 | HIGH | — | 0 |
| CVE-2026-21666 A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | 9.9 | CRITICAL | — | 0 |
| CVE-2026-28384 An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the... | N/A | NONE | — | 0 |
| CVE-2019-25675 eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameter... | 8.2 | HIGH | — | 0 |
| CVE-2019-25676 Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inje... | 8.2 | HIGH | — | 0 |
| CVE-2019-25473 Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests... | 7.1 | HIGH | — | 0 |
| CVE-2019-25479 Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25481 iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Atta... | 8.2 | HIGH | — | 0 |
| CVE-2019-25482 Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kateg... | 8.2 | HIGH | — | 0 |
| CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attac... | 8.2 | HIGH | — | 0 |
| CVE-2019-25508 Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25509 XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET r... | 8.2 | HIGH | — | 0 |
| CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25511 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid paramet... | 8.2 | HIGH | — | 0 |
| CVE-2019-25512 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can ma... | 8.2 | HIGH | — | 0 |
| CVE-2019-25513 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can ma... | 8.2 | HIGH | — | 0 |
| CVE-2019-25677 WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25515 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by s... | 7.5 | HIGH | — | 0 |
| CVE-2019-25516 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id para... | 8.2 | HIGH | — | 0 |
| CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25519 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Att... | 8.2 | HIGH | — | 0 |
| CVE-2019-25520 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25678 C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through t... | 8.2 | HIGH | — | 0 |
| CVE-2019-25679 RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a... | 7.8 | HIGH | — | 0 |
| CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25527 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25528 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter... | 8.2 | HIGH | — | 0 |
| CVE-2019-25529 Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send... | 7.1 | HIGH | — | 0 |
| CVE-2019-25530 uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers... | 8.2 | HIGH | — | 0 |
| CVE-2019-25531 Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit cr... | 8.2 | HIGH | — | 0 |
| CVE-2019-25532 Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers ca... | 8.2 | HIGH | — | 0 |
| CVE-2019-25533 Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25534 Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25535 Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can... | 8.2 | HIGH | — | 0 |
| CVE-2019-25537 Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parame... | 8.2 | HIGH | — | 0 |
| CVE-2019-25538 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send cr... | 8.2 | HIGH | — | 0 |
| CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can se... | 8.2 | HIGH | — | 0 |
| CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search paramet... | 8.2 | HIGH | — | 0 |
| CVE-2019-25542 Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25543 Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attack... | 8.2 | HIGH | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.