Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-20610 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | 7.8 | HIGH | — | 0 |
| CVE-2026-20618 An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20619 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20642 An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen. | 2.4 | LOW | — | 0 |
| CVE-2026-20629 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20630 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20638 A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20640 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and v... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-15573 The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a m... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-20662 An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to v... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-20666 An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20681 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | 3.3 | LOW | — | 0 |
| CVE-2026-25676 The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with ... | N/A | NONE | — | 0 |
| CVE-2026-26085 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26086 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-2276 Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint ' https://manage.wix.com/account/account-settings ', responsible for uploading SVG images, does not pr... | N/A | NONE | — | 0 |
| CVE-2026-1316 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient... | 7.2 | HIGH | — | 0 |
| CVE-2026-1671 The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, a... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1320 The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9... | 7.2 | HIGH | — | 0 |
| CVE-2023-31313 An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting i... | 7.2 | HIGH | — | 0 |
| CVE-2025-14014 Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality N... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1104 The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all ve... | 8.8 | HIGH | — | 0 |
| CVE-2025-56647 npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attac... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-69634 Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who ind... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-24044 Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (usin... | N/A | NONE | — | 0 |
| CVE-2026-25922 authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabl... | 8.8 | HIGH | — | 0 |
| CVE-2026-0619 A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device. | N/A | NONE | — | 0 |
| CVE-2026-26005 ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the ... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-26020 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Re... | 8.8 | HIGH | — | 0 |
| CVE-2019-25319 Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25320 E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit th... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-25322 Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25323 Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can cra... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25324 RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25325 Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25327 Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and pas... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25328 XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated cha... | 7.5 | HIGH | — | 0 |
| CVE-2019-25330 SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers... | 7.5 | HIGH | — | 0 |
| CVE-2025-70092 A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Nam... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-21961 Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack a... | N/A | NONE | — | 0 |
| CVE-2026-26249 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26250 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26251 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26252 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26253 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26254 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26255 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26256 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26257 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-15520 The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.