Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-40050 CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-40566 FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeSc... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-40587 blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40588 blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's exist... | 8.1 | HIGH | — | 0 |
| CVE-2026-41193 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authent... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-40865 Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other e... | N/A | NONE | — | 0 |
| CVE-2026-40866 Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overw... | N/A | NONE | — | 0 |
| CVE-2026-40867 Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attac... | N/A | NONE | — | 0 |
| CVE-2026-40889 Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Vers... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40890 The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > characte... | 7.5 | HIGH | — | 0 |
| CVE-2026-6819 HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers... | 8.8 | HIGH | — | 0 |
| CVE-2026-21997 Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitabl... | 8.5 | HIGH | — | 0 |
| CVE-2026-34275 Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploi... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-34279 Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploi... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-34291 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability ... | 8.7 | HIGH | — | 0 |
| CVE-2026-34292 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabilit... | 7.2 | HIGH | — | 0 |
| CVE-2026-34293 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged atta... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-34325 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affect... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-35229 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker... | 7.5 | HIGH | — | 0 |
| CVE-2026-35231 Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.... | 7.5 | HIGH | — | 0 |
| CVE-2026-35232 Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low pri... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-35234 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-3307 An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated by... | 2.7 | LOW | — | 0 |
| CVE-2026-40575 OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enable... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-41131 OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check reque... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-41665 Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-41666 Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-41667 Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-6839 Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior t... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-6840 Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-6842 A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows ... | 2.5 | LOW | — | 0 |
| CVE-2026-33256 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6862 A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an E... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-35548 An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after mo... | 8.5 | HIGH | — | 0 |
| CVE-2018-25259 Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception ... | 8.4 | HIGH | — | 0 |
| CVE-2018-25260 MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. At... | 8.4 | HIGH | — | 0 |
| CVE-2026-35355 The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and th... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-35358 The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-35361 The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std:... | 3.4 | LOW | — | 0 |
| CVE-2026-35362 The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to ... | 3.6 | LOW | — | 0 |
| CVE-2026-35380 A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenly... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-35381 A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The imp... | 3.3 | LOW | — | 0 |
| CVE-2026-3254 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into... | 3.5 | LOW | — | 0 |
| CVE-2026-26354 Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 ... | 8.1 | HIGH | — | 0 |
| CVE-2026-3837 An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter im... | N/A | NONE | — | 0 |
| CVE-2026-40937 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions`... | 8.3 | HIGH | — | 0 |
| CVE-2026-41134 Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/de... | N/A | NONE | — | 0 |
| CVE-2026-4049 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-36074 IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-1272 IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | 2.7 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.