Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-67645 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authentic... | 8.8 | HIGH | — | 0 |
| CVE-2026-23830 SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandb... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-24833 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its descript... | 7.6 | HIGH | — | 0 |
| CVE-2026-24836 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write... | 7.6 | HIGH | — | 0 |
| CVE-2026-24837 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name... | 7.6 | HIGH | — | 0 |
| CVE-2026-21569 This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a... | N/A | NONE | — | 0 |
| CVE-2026-24838 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-24839 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This a... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-24840 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line ... | 8.0 | HIGH | — | 0 |
| CVE-2026-24841 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-termina... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-24842 node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation... | 8.2 | HIGH | — | 0 |
| CVE-2026-24850 The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24852 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1505 A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injecti... | 7.2 | HIGH | — | 0 |
| CVE-2026-1506 A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac ... | 7.2 | HIGH | — | 0 |
| CVE-2026-1514 Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official docu... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24859 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24860 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24861 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24862 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24863 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24864 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24865 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24866 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24867 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-13471 The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable Use... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14610 The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be... | 7.2 | HIGH | — | 0 |
| CVE-2025-8072 The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15511 The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1083 The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 d... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-12709 The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-14039 The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and includi... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9082 The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-26386 Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation ... | N/A | NONE | — | 0 |
| CVE-2026-0825 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0832 The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1244 The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoop_campaign' shortcode in all versions up to,... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1295 The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-14386 The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the ... | 8.8 | HIGH | — | 0 |
| CVE-2026-1310 The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_ed... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-40537 SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. | 7.5 | HIGH | — | 0 |
| CVE-2025-40554 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0818 When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted co... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1054 The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_s... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-7740 Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment. | N/A | NONE | — | 0 |
| CVE-2026-0702 The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient... | 7.5 | HIGH | — | 0 |
| CVE-2025-14616 The Recooty – Job Widget (Old Dashboard) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the re... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1053 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input s... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.