Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-27009 OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `<script>` tag without scr... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-2350 Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2408 Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2435 Tanium addressed a SQL injection vulnerability in Asset. | 6.3 | MEDIUM | — | 0 |
| CVE-2025-67971 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a ... | 7.1 | HIGH | — | 0 |
| CVE-2026-26974 Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports **/*.plugin.{js,mjs} files including those from node_modules, so any malicio... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26975 Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute... | 8.8 | HIGH | — | 0 |
| CVE-2026-26064 calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes a... | 8.8 | HIGH | — | 0 |
| CVE-2026-26065 calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 20... | 8.8 | HIGH | — | 0 |
| CVE-2026-26960 node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to... | 7.1 | HIGH | — | 0 |
| CVE-2026-26977 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished co... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26991 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform ... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-26992 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform St... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-26993 Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitizat... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-26994 uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 dow... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26995 Rejected reason: Further research determined the issue is an external dependency vulnerability. | N/A | NONE | — | 0 |
| CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, han... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-59819 This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26370 WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web brows... | N/A | NONE | — | 0 |
| CVE-2026-26050 The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arb... | N/A | NONE | — | 0 |
| CVE-2025-52603 HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is... | 3.5 | LOW | — | 0 |
| CVE-2025-52744 Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a throu... | 7.7 | HIGH | — | 0 |
| CVE-2025-53228 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue a... | 7.1 | HIGH | — | 0 |
| CVE-2025-53231 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Ta... | 7.1 | HIGH | — | 0 |
| CVE-2025-53233 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RylanH Storyform storyform allows Reflected XSS.This issue affects Storyform: from n/a through <= ... | 7.1 | HIGH | — | 0 |
| CVE-2025-53237 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: fr... | 7.1 | HIGH | — | 0 |
| CVE-2025-60087 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addo... | 8.1 | HIGH | — | 0 |
| CVE-2025-60183 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesof... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-70831 A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter bef... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20761 A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages res... | 8.1 | HIGH | — | 0 |
| CVE-2026-22344 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2026-22345 Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Im... | 8.8 | HIGH | — | 0 |
| CVE-2026-22346 Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider... | 8.8 | HIGH | — | 0 |
| CVE-2026-22352 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2026-22354 Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Ban... | 8.8 | HIGH | — | 0 |
| CVE-2026-27072 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS.This ... | 7.1 | HIGH | — | 0 |
| CVE-2026-2846 A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipu... | 7.2 | HIGH | — | 0 |
| CVE-2026-2847 A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of th... | 7.2 | HIGH | — | 0 |
| CVE-2025-70833 An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-1842 HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used... | N/A | NONE | — | 0 |
| CVE-2026-26098 Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26099 Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26100 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26101 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 7.8 | HIGH | — | 0 |
| CVE-2026-26102 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 7.8 | HIGH | — | 0 |
| CVE-2026-26721 An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter. | 7.1 | HIGH | — | 0 |
| CVE-2026-26722 An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality. | 9.4 | CRITICAL | — | 0 |
| CVE-2026-27504 SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted U... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27505 SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firs... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27506 SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.