CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-12728 Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via ... | 4.2 | MEDIUM | — | 0 |
| CVE-2025-33150 IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-47932 Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.... | 8.8 | HIGH | — | 0 |
| CVE-2025-48055 Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed... | 8.5 | HIGH | — | 0 |
| CVE-2025-48065 Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13... | 8.8 | HIGH | — | 0 |
| CVE-2025-48878 Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user (e.g. with Service desk agent profile) to create... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-49145 Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is f... | 8.7 | HIGH | — | 0 |
| CVE-2025-14700 An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-64167 Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack (leading to JS execution) when editing the URL parameter. Ver... | 7.1 | HIGH | — | 0 |
| CVE-2025-64181 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2... | 7.5 | HIGH | — | 0 |
| CVE-2025-64182 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, a... | 7.8 | HIGH | — | 0 |
| CVE-2025-64183 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, a... | 7.5 | HIGH | — | 0 |
| CVE-2025-64504 Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a use... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-5317 An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninst... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-4462 Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded f... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-11578 A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape i... | 7.2 | HIGH | — | 0 |
| CVE-2025-11892 An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege esca... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-64529 SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their auth... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-4645 An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the in... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-5452 A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP applicatio... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-7429 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. | 7.3 | HIGH | — | 0 |
| CVE-2025-7430 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. | 7.3 | HIGH | — | 0 |
| CVE-2025-7632 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. | 7.3 | HIGH | — | 0 |
| CVE-2025-7633 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. | 7.3 | HIGH | — | 0 |
| CVE-2009-3670 Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | N/A | NONE | — | 0 |
| CVE-2025-64773 In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit | 2.7 | LOW | — | 0 |
| CVE-2025-12940 Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). A user havin... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-12942 Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform... | 7.5 | HIGH | — | 0 |
| CVE-2025-12943 Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with th... | 7.5 | HIGH | — | 0 |
| CVE-2025-62984 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS. This issue affects WP AdCenter: from n/a through <=... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12944 Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check th... | 8.8 | HIGH | — | 0 |
| CVE-2025-13032 Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local attacker to escalate privileges via pool overflow. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-20050 Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20614 External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adv... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-24299 Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with ... | 8.8 | HIGH | — | 0 |
| CVE-2025-24307 Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary w... | 2.0 | LOW | — | 0 |
| CVE-2025-59116 Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force at... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-24314 Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a p... | 2.2 | LOW | — | 0 |
| CVE-2025-24519 Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24834 Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24838 Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary w... | 8.8 | HIGH | — | 0 |
| CVE-2025-24847 Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a... | 4.5 | MEDIUM | — | 0 |
| CVE-2025-24862 Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged so... | 2.0 | LOW | — | 0 |
| CVE-2025-24863 Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary wi... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-26694 Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated us... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-27710 Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an information disclosure. System software adversary with an authe... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27713 Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated ... | 7.8 | HIGH | — | 0 |
| CVE-2025-30509 Improper input validation for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an a... | 3.8 | LOW | — | 0 |
| CVE-2025-31937 Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user com... | 5.6 | MEDIUM | — | 0 |
| CVE-2025-32088 Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated u... | 3.3 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.