Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-47852 Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the Rocks... | 8.8 | HIGH | — | 0 |
| CVE-2021-47853 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2021-47854 DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEA... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47855 Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the... | 7.2 | HIGH | — | 0 |
| CVE-2021-47858 Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts thr... | 7.2 | HIGH | — | 0 |
| CVE-2021-47859 ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted bi... | 7.8 | HIGH | — | 0 |
| CVE-2021-47861 Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2021-47862 Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted pa... | 7.8 | HIGH | — | 0 |
| CVE-2021-47864 OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject an... | 7.8 | HIGH | — | 0 |
| CVE-2021-47865 ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connection... | 7.5 | HIGH | — | 0 |
| CVE-2021-47866 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the ... | 7.8 | HIGH | — | 0 |
| CVE-2021-47867 WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2021-47868 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2021-47869 Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a mali... | 7.8 | HIGH | — | 0 |
| CVE-2021-47871 Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can expl... | 8.8 | HIGH | — | 0 |
| CVE-2021-47872 SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' paramet... | 7.1 | HIGH | — | 0 |
| CVE-2021-47873 VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interf... | 7.2 | HIGH | — | 0 |
| CVE-2021-47874 VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit ... | 7.8 | HIGH | — | 0 |
| CVE-2021-47875 GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47876 GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a ... | 7.5 | HIGH | — | 0 |
| CVE-2021-47877 GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8... | 7.5 | HIGH | — | 0 |
| CVE-2021-47878 eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can ex... | 7.8 | HIGH | — | 0 |
| CVE-2021-47879 eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers c... | 7.8 | HIGH | — | 0 |
| CVE-2021-47880 Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2021-47882 FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path t... | 7.8 | HIGH | — | 0 |
| CVE-2021-47883 Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted bin... | 7.8 | HIGH | — | 0 |
| CVE-2021-47884 OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2021-47886 Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path... | 7.8 | HIGH | — | 0 |
| CVE-2021-47887 OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2025-66959 An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder | 7.5 | HIGH | — | 0 |
| CVE-2025-66960 An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata | 7.5 | HIGH | — | 0 |
| CVE-2025-69762 Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69763 Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69766 Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remot... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0834 Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot... | 8.8 | HIGH | — | 0 |
| CVE-2026-23754 D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensiti... | 8.8 | HIGH | — | 0 |
| CVE-2026-23755 D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.... | 7.3 | HIGH | — | 0 |
| CVE-2025-68132 EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checkin... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-68134 EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the... | 7.4 | HIGH | — | 0 |
| CVE-2025-68135 EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading to its caller and itself to silently terminat... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12781 When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13465 Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pro... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-68136 EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP soc... | 7.4 | HIGH | — | 0 |
| CVE-2025-68137 EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete head... | 8.3 | HIGH | — | 0 |
| CVE-2025-68138 EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-50002 Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-68139 EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-68140 EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registe... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-68141 EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax... | 7.4 | HIGH | — | 0 |
| CVE-2025-69209 ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overf... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.