Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2006-3917 PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter. | N/A | NONE | — | 0 |
| CVE-2006-3918 http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect h... | N/A | NONE | — | 0 |
| CVE-2006-3919 SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters. | N/A | NONE | — | 0 |
| CVE-2025-28999 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Pag... | 7.1 | HIGH | — | 0 |
| CVE-2025-29014 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20. | 7.1 | HIGH | — | 0 |
| CVE-2025-8957 A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id... | 7.3 | HIGH | — | 0 |
| CVE-2025-8960 A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2023-5342 The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. | 4.1 | MEDIUM | — | 0 |
| CVE-2025-8713 PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intend... | 3.1 | LOW | — | 0 |
| CVE-2025-8714 Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running p... | 8.8 | HIGH | — | 0 |
| CVE-2025-8715 Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql ... | 8.8 | HIGH | — | 0 |
| CVE-2024-53945 The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS comm... | 8.8 | HIGH | — | 0 |
| CVE-2024-53946 The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into... | 8.8 | HIGH | — | 0 |
| CVE-2025-43984 An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7353 A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow re... | N/A | NONE | — | 0 |
| CVE-2025-7773 A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in ses... | N/A | NONE | — | 0 |
| CVE-2025-7774 A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perf... | N/A | NONE | — | 0 |
| CVE-2025-7973 A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which ru... | N/A | NONE | — | 0 |
| CVE-2025-9036 A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client l... | N/A | NONE | — | 0 |
| CVE-2025-26484 Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit thi... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-27845 In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27846 In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10297 A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of th... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-49380 Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti us... | 7.5 | HIGH | — | 0 |
| CVE-2024-48074 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/ma... | 8.0 | HIGH | — | 0 |
| CVE-2024-48357 LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48594 File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. | 8.8 | HIGH | — | 0 |
| CVE-2024-10000 The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-10008 The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/m... | 8.8 | HIGH | — | 0 |
| CVE-2024-48271 D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the devic... | 8.8 | HIGH | — | 0 |
| CVE-2024-48272 D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51478 YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the ... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-51060 Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39719 An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "Fil... | 7.5 | HIGH | — | 0 |
| CVE-2024-39720 An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging... | 8.2 | HIGH | — | 0 |
| CVE-2024-39721 An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, ... | 7.5 | HIGH | — | 0 |
| CVE-2024-39722 An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route. | 7.5 | HIGH | — | 0 |
| CVE-2024-47939 Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request ... | N/A | NONE | — | 0 |
| CVE-2025-24308 Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | — | 0 |
| CVE-2024-50996 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allow... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-50997 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows a... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-51002 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows a... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-51003 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-51004 Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. T... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-51005 Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS... | 8.0 | HIGH | — | 0 |
| CVE-2024-51007 Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PO... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-51008 Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands vi... | 8.0 | HIGH | — | 0 |
| CVE-2024-51009 Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via... | 8.0 | HIGH | — | 0 |
| CVE-2024-51010 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway pa... | 8.0 | HIGH | — | 0 |
| CVE-2024-51011 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause... | 5.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.