Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-61969 Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2026-22894 A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files o... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0910 The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' funct... | 8.8 | HIGH | — | 0 |
| CVE-2026-1226 CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is process... | N/A | NONE | — | 0 |
| CVE-2026-1227 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service con... | N/A | NONE | — | 0 |
| CVE-2026-2337 A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1. | N/A | NONE | — | 0 |
| CVE-2018-25157 Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can uplo... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-25306 BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | — | 0 |
| CVE-2019-25307 WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2019-25309 Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can explo... | 7.8 | HIGH | — | 0 |
| CVE-2025-65128 A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and... | 8.1 | HIGH | — | 0 |
| CVE-2025-65480 An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading... | 8.8 | HIGH | — | 0 |
| CVE-2025-69874 nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70083 An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local bu... | 7.8 | HIGH | — | 0 |
| CVE-2025-70084 Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. | 7.5 | HIGH | — | 0 |
| CVE-2025-70085 An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_Fi... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0228 An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not nor... | N/A | NONE | — | 0 |
| CVE-2026-2320 Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2322 Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2323 Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | — | 0 |
| CVE-2024-50618 A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-25313 FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML ... | 4.0 | MEDIUM | — | 0 |
| CVE-2020-37156 BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a cr... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-37183 Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. At... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37193 ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared t... | 7.5 | HIGH | — | 0 |
| CVE-2020-37194 Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-characte... | 7.5 | HIGH | — | 0 |
| CVE-2020-37195 BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer paylo... | 7.5 | HIGH | — | 0 |
| CVE-2020-37198 Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generat... | 7.5 | HIGH | — | 0 |
| CVE-2020-37200 NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 100... | 7.5 | HIGH | — | 0 |
| CVE-2020-37201 NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and past... | 7.5 | HIGH | — | 0 |
| CVE-2020-37202 NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buff... | 7.5 | HIGH | — | 0 |
| CVE-2020-37203 Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37213 TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-b... | 7.5 | HIGH | — | 0 |
| CVE-2025-46310 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system fi... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-64074 A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted se... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67135 Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20603 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20610 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | 7.8 | HIGH | — | 0 |
| CVE-2026-20618 An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20619 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20642 An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen. | 2.4 | LOW | — | 0 |
| CVE-2026-20646 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information. | 3.3 | LOW | — | 0 |
| CVE-2026-20647 This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20648 A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-15574 When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The pas... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20681 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | 3.3 | LOW | — | 0 |
| CVE-2026-25676 The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with ... | N/A | NONE | — | 0 |
| CVE-2026-26085 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26086 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-69752 An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in t... | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.