Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-9368 A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device. | N/A | NONE | — | 0 |
| CVE-2025-9638 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter i... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-46845 Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a b... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-22675 Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-56704 LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability b... | 8.8 | HIGH | — | 0 |
| CVE-2025-63737 Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m paramet... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-63738 An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-63742 SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator acc... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-65288 A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-65289 A stored Cross site scripting (XSS) vulnerability in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) router allows a remote attacker on the LAN to inject JavaScript into the router's mana... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-47570 An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11;... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-13924 The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or in... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-33213 NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to c... | 8.8 | HIGH | — | 0 |
| CVE-2025-33214 NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution... | 8.8 | HIGH | — | 0 |
| CVE-2025-34396 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL fr... | 7.3 | HIGH | — | 0 |
| CVE-2025-34397 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when proce... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34398 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not p... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34399 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not pro... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34400 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not pro... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34401 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34402 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sa... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34403 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sa... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34404 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34406 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processe... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34407 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanit... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34408 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not pro... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34409 MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not p... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-34413 Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Refe... | N/A | NONE | — | 0 |
| CVE-2025-46636 Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially explo... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-46637 Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability... | 7.3 | HIGH | — | 0 |
| CVE-2025-53949 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 thro... | 7.2 | HIGH | — | 0 |
| CVE-2025-54353 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-54838 An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-55233 Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-57823 A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 ... | 2.7 | LOW | — | 0 |
| CVE-2025-59516 Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59517 Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2009-2908 The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified ve... | N/A | NONE | — | 0 |
| CVE-2025-59719 An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59808 An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS ... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-59810 An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-59923 An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versio... | 2.7 | LOW | — | 0 |
| CVE-2025-60024 Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0... | 8.8 | HIGH | — | 0 |
| CVE-2025-61078 Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructi... | 6.1 | MEDIUM | — | 0 |
| CVE-2009-3459 Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers mem... | N/A | NONE | — | 0 |
| CVE-2025-62454 Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-62455 Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-62456 Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-62457 Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-62458 Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.