Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-22251 wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was neve... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22200 Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a tick... | 7.5 | HIGH | — | 0 |
| CVE-2026-22771 Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy p... | 8.8 | HIGH | — | 0 |
| CVE-2023-36331 Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId. | 8.2 | HIGH | — | 0 |
| CVE-2025-66802 Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12420 A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitle... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-29329 Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67146 Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the ... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-22788 WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication mid... | 8.2 | HIGH | — | 0 |
| CVE-2026-22789 WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-22794 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If ... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-22799 Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper valida... | 8.8 | HIGH | — | 0 |
| CVE-2024-58339 LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() l... | 7.5 | HIGH | — | 0 |
| CVE-2024-58340 LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_pa... | 7.5 | HIGH | — | 0 |
| CVE-2025-15514 Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via... | 7.5 | HIGH | — | 0 |
| CVE-2026-22813 OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web inter... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22213 RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the de... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22214 RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame dat... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22695 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in t... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22800 PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint respons... | 2.4 | LOW | — | 0 |
| CVE-2026-22801 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-0498 SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-0500 Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) f... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-0506 Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP sys... | 8.1 | HIGH | — | 0 |
| CVE-2026-0513 Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redi... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-41717 An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss o... | 8.8 | HIGH | — | 0 |
| CVE-2025-40942 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run ... | 8.8 | HIGH | — | 0 |
| CVE-2025-11250 Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-11669 Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remot... | 8.1 | HIGH | — | 0 |
| CVE-2025-9435 Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | 5.5 | MEDIUM | — | 0 |
| CVE-2026-0877 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 8.1 | HIGH | — | 0 |
| CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 8.0 | HIGH | — | 0 |
| CVE-2026-0879 Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird <... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0880 Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 8.8 | HIGH | — | 0 |
| CVE-2026-0881 Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | 10.0 | CRITICAL | — | 0 |
| CVE-2026-0882 Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 8.8 | HIGH | — | 0 |
| CVE-2026-0883 Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0884 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0885 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0886 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0888 Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0890 Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-0891 Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort ... | 8.1 | HIGH | — | 0 |
| CVE-2026-0892 Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-13444 OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the Load... | 8.4 | HIGH | — | 0 |
| CVE-2025-71023 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) ... | 7.5 | HIGH | — | 0 |
| CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the Load... | 8.4 | HIGH | — | 0 |
| CVE-2025-55462 A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Co... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22755 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365,... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.