CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-53371 DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-28243 An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component. | 8.0 | HIGH | — | 0 |
| CVE-2025-28244 Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover | 8.8 | HIGH | — | 0 |
| CVE-2025-28245 Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53542 Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the Kubernetes Headlamp project. This is... | 7.7 | HIGH | — | 0 |
| CVE-2025-23290 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerab... | 2.5 | LOW | — | 0 |
| CVE-2025-53549 The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0... | N/A | NONE | — | 0 |
| CVE-2025-53625 The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been... | N/A | NONE | — | 0 |
| CVE-2025-53626 pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and pro... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53709 Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circum... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-7411 A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /success.php. The manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2025-2520 The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communic... | 7.5 | HIGH | — | 0 |
| CVE-2025-34093 An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized ... | N/A | NONE | — | 0 |
| CVE-2025-41658 CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-34095 An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can... | N/A | NONE | — | 0 |
| CVE-2025-34096 A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an ... | N/A | NONE | — | 0 |
| CVE-2025-34097 An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a m... | N/A | NONE | — | 0 |
| CVE-2025-34098 A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management ... | N/A | NONE | — | 0 |
| CVE-2025-34100 An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly ... | N/A | NONE | — | 0 |
| CVE-2025-34101 An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 2... | N/A | NONE | — | 0 |
| CVE-2025-4410 A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executing arbitrary code. | 7.5 | HIGH | — | 0 |
| CVE-2025-34102 A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticate... | N/A | NONE | — | 0 |
| CVE-2025-53630 llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability i... | N/A | NONE | — | 0 |
| CVE-2025-7412 A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulati... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7413 A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image le... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2521 The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a... | 8.6 | HIGH | — | 0 |
| CVE-2025-2522 The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulner... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-2523 The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-3946 The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vuln... | 8.2 | HIGH | — | 0 |
| CVE-2025-3947 The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data... | 8.2 | HIGH | — | 0 |
| CVE-2025-7414 A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7415 A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component http... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7416 A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manip... | 8.8 | HIGH | — | 0 |
| CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least use... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-7417 A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component h... | 8.8 | HIGH | — | 0 |
| CVE-2025-1727 The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packet... | 8.1 | HIGH | — | 0 |
| CVE-2025-7418 A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The mani... | 8.8 | HIGH | — | 0 |
| CVE-2025-7419 A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manip... | 8.8 | HIGH | — | 0 |
| CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46358 Emerson ValveLink products do not use or incorrectly use a protection mechanism that provides sufficient defense against directed attacks against the product. | 7.7 | HIGH | — | 0 |
| CVE-2023-24852 Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 | HIGH | — | 0 |
| CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at... | 7.6 | HIGH | — | 0 |
| CVE-2025-50109 Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. | 7.7 | HIGH | — | 0 |
| CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Ce... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at le... | 8.8 | HIGH | — | 0 |
| CVE-2025-52579 Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if t... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-53471 Emerson ValveLink products receive input or data, but do not validate or incorrectly validate that the input has the properties that are required to process the data safely and correctly. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with a... | 8.8 | HIGH | — | 0 |
| CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-7420 A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.