CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-47774 Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 25... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-13859 The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in ver... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0989 A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> dir... | 3.7 | LOW | — | 0 |
| CVE-2026-0990 A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that ref... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-0992 A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same down... | 2.9 | LOW | — | 0 |
| CVE-2021-47759 MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a ... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-47761 MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.ex... | 7.8 | HIGH | — | 0 |
| CVE-2021-47762 HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2021-47763 Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to re... | 8.2 | HIGH | — | 0 |
| CVE-2021-47766 Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vul... | 7.1 | HIGH | — | 0 |
| CVE-2021-47781 Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a sp... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47784 Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,... | 7.5 | HIGH | — | 0 |
| CVE-2021-47799 Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo sett... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-47819 ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP scr... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-61973 A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, whic... | 8.8 | HIGH | — | 0 |
| CVE-2025-62193 Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unau... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-13845 CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody. | N/A | NONE | — | 0 |
| CVE-2026-23746 Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the S... | N/A | NONE | — | 0 |
| CVE-2026-1012 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2021-47756 Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet comm... | 8.4 | HIGH | — | 0 |
| CVE-2021-47782 Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vuln... | 8.2 | HIGH | — | 0 |
| CVE-2021-47795 GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploi... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-47796 Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47797 Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can ge... | 7.5 | HIGH | — | 0 |
| CVE-2021-47798 NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into th... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47800 b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit ... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-47801 Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious P... | 8.2 | HIGH | — | 0 |
| CVE-2021-47803 iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious ex... | 7.8 | HIGH | — | 0 |
| CVE-2021-47804 Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious execut... | 7.8 | HIGH | — | 0 |
| CVE-2021-47813 Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer... | 7.5 | HIGH | — | 0 |
| CVE-2026-23709 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23710 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23711 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23712 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23713 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23714 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12641 The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12957 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT fil... | 8.8 | HIGH | — | 0 |
| CVE-2025-14384 The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14982 The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for au... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15370 The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaG... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15526 The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionalit... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15527 The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api_get_post_summary function due to insufficient restrictions on which ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1000 The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capabilit... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1003 The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delet... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14793 The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it po... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-14853 The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display_setting... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0916 The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to ins... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0939 The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.