Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-65077 A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code... | N/A | NONE | — | 0 |
| CVE-2025-65078 An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2025-65079 A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as... | N/A | NONE | — | 0 |
| CVE-2025-65080 A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivil... | N/A | NONE | — | 0 |
| CVE-2025-65081 An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unp... | N/A | NONE | — | 0 |
| CVE-2020-37067 Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 by... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37089 School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerab... | 8.2 | HIGH | — | 0 |
| CVE-2020-37090 School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attac... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37091 Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37092 Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37093 Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET req... | 7.5 | HIGH | — | 0 |
| CVE-2026-1341 Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control. | N/A | NONE | — | 0 |
| CVE-2026-25148 Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote atta... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25149 Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-15482 The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API en... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15487 The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Ad... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-15508 The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the get_frontend_settings() function. This make... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0572 The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to,... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0681 The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanit... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1642 A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream ser... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-20730 A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Tec... | 3.3 | LOW | — | 0 |
| CVE-2026-20732 A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoT... | 3.1 | LOW | — | 0 |
| CVE-2026-22548 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. No... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-70545 A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-71192 In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to dr... | N/A | NONE | — | 0 |
| CVE-2025-71195 In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead... | N/A | NONE | — | 0 |
| CVE-2025-71196 In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usb... | N/A | NONE | — | 0 |
| CVE-2025-71197 In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' b... | N/A | NONE | — | 0 |
| CVE-2025-71198 In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_s... | N/A | NONE | — | 0 |
| CVE-2026-20119 A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial o... | 7.5 | HIGH | — | 0 |
| CVE-2026-23049 In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 pane... | N/A | NONE | — | 0 |
| CVE-2026-23051 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather th... | N/A | NONE | — | 0 |
| CVE-2026-23052 In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE mul... | N/A | NONE | — | 0 |
| CVE-2024-51451 IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23059 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the fr... | N/A | NONE | — | 0 |
| CVE-2026-25049 n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflo... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25051 n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpo... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25052 n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify wor... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25053 n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to e... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25054 n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, i... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-1823 IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources. | 3.5 | LOW | — | 0 |
| CVE-2026-0944 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, fr... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0946 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet Smart... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0947 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Interne... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-0948 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 be... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1553 Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-25281 NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2026-25584 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow ... | 7.8 | HIGH | — | 0 |
| CVE-2025-22873 It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape on... | 3.8 | LOW | — | 0 |
| CVE-2025-62615 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.