CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-52879 An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 b... | 7.5 | HIGH | — | 0 |
| CVE-2024-52880 An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 b... | 7.9 | HIGH | — | 0 |
| CVE-2025-2527 Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6786 The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12812 The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters t... | 7.5 | HIGH | — | 0 |
| CVE-2025-1289 The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-1303 The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used again... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-26621 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that wi... | 7.6 | HIGH | — | 0 |
| CVE-2025-46725 Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47277 vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-1712 Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.8 | HIGH | — | 0 |
| CVE-2025-48206 The ns_backup extension through 13.0.0 for TYPO3 allows XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-22893 Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of pri... | 7.8 | HIGH | — | 0 |
| CVE-2025-20256 A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with va... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-3480 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-3486 Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authenticat... | 8.8 | HIGH | — | 0 |
| CVE-2025-3881 eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatio... | N/A | NONE | — | 0 |
| CVE-2025-3882 eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installa... | N/A | NONE | — | 0 |
| CVE-2025-46716 Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-3883 eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eC... | N/A | NONE | — | 0 |
| CVE-2025-3884 Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue... | N/A | NONE | — | 0 |
| CVE-2025-3885 Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected instal... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-4123 A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend p... | 7.6 | HIGH | — | 0 |
| CVE-2025-46713 Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic ov... | 7.8 | HIGH | — | 0 |
| CVE-2025-46714 Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflo... | 7.8 | HIGH | — | 0 |
| CVE-2025-23241 Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via l... | 7.3 | HIGH | — | 0 |
| CVE-2025-4979 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that ... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-12093 An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to b... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-5024 A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be... | 7.4 | HIGH | — | 0 |
| CVE-2025-4366 A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-46715 Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize i... | 7.8 | HIGH | — | 0 |
| CVE-2025-1754 An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arb... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-2938 An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated pr... | 3.1 | LOW | — | 0 |
| CVE-2025-3279 An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-5315 An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role per... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5846 An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated c... | 2.7 | LOW | — | 0 |
| CVE-2025-52887 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and ... | 7.5 | HIGH | — | 0 |
| CVE-2025-36034 IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle te... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-53013 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau ... | 5.2 | MEDIUM | — | 0 |
| CVE-2025-52903 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of F... | 8.0 | HIGH | — | 0 |
| CVE-2025-53168 Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera wi... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-52904 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users h... | 8.0 | HIGH | — | 0 |
| CVE-2013-1424 Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | 5.6 | MEDIUM | — | 0 |
| CVE-2014-0468 Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This i... | 9.8 | CRITICAL | — | 0 |
| CVE-2014-6274 git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repos... | 7.5 | HIGH | — | 0 |
| CVE-2014-7210 pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissio... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-0842 yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | 9.8 | CRITICAL | — | 0 |
| CVE-2015-0843 yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21470 Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-6765 A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Reque... | 6.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.