CVE Vulnerabilities

CVE database enriched with CISA KEV and NVD

| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-24819 Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application. | 5.7 | MEDIUM | — | 0 |
| CVE-2024-51778 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tevya Satisfaction Reports from Help Scout happiness-reports-for-help-scout allows Reflected XSS. T... | 7.1 | HIGH | — | 0 |
| CVE-2024-51779 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Coleman Don't Break The Code dont-break-the-code allows Reflected XSS. This issue affects Don... | 7.1 | HIGH | — | 0 |
| CVE-2024-51780 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eewee eewee admin custom eewee-admincustom allows Reflected XSS. This issue affects eewee admin cus... | 7.1 | HIGH | — | 0 |
| CVE-2024-51781 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan Backor Firework Shoppable Live Video firework-videos allows Reflected XSS. This issue affect... | 7.1 | HIGH | — | 0 |
| CVE-2024-51707 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodin WP Visual Adverts wp-visual-adverts allows Reflected XSS. This issue affects WP Visual Adv... | 7.1 | HIGH | — | 0 |
| CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a web... | N/A | NONE | — | 0 |
| CVE-2024-51708 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Narnoo Narnoo Commerce Manager narnoo-commerce-manager allows Reflected XSS. This issue affects Nar... | 7.1 | HIGH | — | 0 |
| CVE-2024-51709 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mariandz TeleAdmin teleadmin allows Reflected XSS. This issue affects TeleAdmin: from n/a through <... | 7.1 | HIGH | — | 0 |
| CVE-2024-51710 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minerva Infotech Responsive Data Table responsive-data-table allows Reflected XSS. This issue affec... | 7.1 | HIGH | — | 0 |
| CVE-2026-35487 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-30460 Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | 8.8 | HIGH | — | 0 |
| CVE-2026-33815 Memory-safety vulnerability in github.com/jackc/pgx/v5. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-35488 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative p... | 8.1 | HIGH | — | 0 |
| CVE-2026-35491 FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature (webserver.api.cli_pw) th... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-51711 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Khunt Saragna saragna-social-stream allows Reflected XSS. This issue affects Saragna: from n... | 7.1 | HIGH | — | 0 |
| CVE-2024-51712 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Visser Jigoshop – Store Toolkit jigoshop-store-toolkit allows Reflected XSS. This issue aff... | 7.1 | HIGH | — | 0 |
| CVE-2024-51713 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TRe Technology And Research S.r.l. HQ60 Fidelity Card hq60-fidelity-card allows Reflected XSS. This... | 7.1 | HIGH | — | 0 |
| CVE-2026-35492 Kedro-Datasets is a Kedro plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dat... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-35515 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() interpolates message.type and message.id directly into Server-Sent Events text prot... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-51714 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techdabang User Password Reset user-password-reset allows Reflected XSS. This issue affects User Pa... | 7.1 | HIGH | — | 0 |
| CVE-2026-4931 Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost. | 6.8 | MEDIUM | — | 0 |
| CVE-2024-51716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Twitter real time search scrolling twitter-real-time-search-scrolling allows Reflected XS... | 7.1 | HIGH | — | 0 |
| CVE-2024-36058 The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-35526 Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allo... | 7.5 | HIGH | — | 0 |
| CVE-2026-35571 Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme v... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-23696 Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through th... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-51717 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perception System System Pvt. Ltd. Ajax Content Filter ajax-content-filter allows Reflected XSS. Th... | 7.1 | HIGH | — | 0 |
| CVE-2024-51718 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arsdehnel Simple Modal simplemodal allows Cross-Site Scripting (XSS). This issue affects Simple Mod... | 7.1 | HIGH | — | 0 |
| CVE-2024-51719 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roman Peterhans Simplistic SEO simplistic-seo allows Reflected XSS. This issue affects Simplistic S... | 7.1 | HIGH | — | 0 |
| CVE-2024-51759 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Beyer SVT Simple svt-simple allows Reflected XSS. This issue affects SVT Simple: from n/a th... | 7.1 | HIGH | — | 0 |
| CVE-2024-51760 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ristretto Apps Dashing Memberships dashing-memberships allows Reflected XSS. This issue affects Das... | 7.1 | HIGH | — | 0 |
| CVE-2026-32588 Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.1... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51761 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackgilbert WPHelpful wphelpful allows Stored XSS. This issue affects WPHelpful: from n/a through <... | 7.1 | HIGH | — | 0 |
| CVE-2024-51670 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS. This issue affects JS Help Desk: from n/a... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-51673 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Politic wp-politic allows DOM-Based XSS. This issue affects HT Politic: from n/a throug... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51674 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Themes Sastra Essential Addons for Elementor sastra-essential-addons-for-elementor allows DOM... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51675 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows DOM-Based XSS. Th... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51676 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious Delisho dr-widgets-blocks allows DOM-Based XSS. This issue affects Delisho: from n/a t... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-35592 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix() for i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35583 Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{name}) validated configuration names using a blacklist approach that checked f... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-51689 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows Reflected XSS. This issue affects CF7 WOW Styler... | 7.1 | HIGH | — | 0 |
| CVE-2024-51690 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neelam.samariya Wp Slide Categorywise wp-slide-categorywise allows Reflected XSS. This issue affect... | 7.1 | HIGH | — | 0 |
| CVE-2024-51691 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aryanduntley Admin Amplify wpr-admin-amplify allows Reflected XSS. This issue affects Admin Amplify... | 7.1 | HIGH | — | 0 |
| CVE-2024-51692 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS. This issue affects Bi... | 7.1 | HIGH | — | 0 |
| CVE-2024-51693 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in labdav Search order by product SKU for WooCommerce search-order-by-product-sku-for-woocommerce all... | 7.1 | HIGH | — | 0 |
| CVE-2024-51694 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalfisherman Geotagged Media geotagged-media allows Reflected XSS. This issue affects Geotagged... | 7.1 | HIGH | — | 0 |
| CVE-2026-35610 PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted adm... | 8.8 | HIGH | — | 0 |
| CVE-2026-35611 Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two c... | 7.5 | HIGH | — | 0 |
| CVE-2026-35615 PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collap... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.