Gestion des CVE et CWE : Votre bouclier contre les Menaces Cyber.
Notre plateforme CVE Find, dédiée à la gestion des CVE et CWE, offre une surveillance en temps réel des vulnérabilités et des faiblesses courantes. Cela permet à nos clients de rester constamment informés des dernières évolutions en matière de cybersécurité. Grâce à notre système d'alerte avancé, vous recevrez des notifications immédiates par SMS et email, garantissant ainsi une réactivité maximale face aux nouvelles menaces.
Avec notre service, vous pourrez sécuriser de manière optimale votre infrastructure réseau et web, renforçant ainsi la protection de vos données critiques contre les intrusions et les cyberattaques. Chez BEXXO, nous vous fournissons les outils nécessaires pour une défense robuste et proactive.
Alerte par Email
Alerte sur les produits que vous utilisez
Déterminer l'impact des risques sur vos produits
Mise à jour permanente
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Restez en avance avec les dernières failles critiques de sécurité.
CVE-2025-56005 - CRITICAL
20/01/2026
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious...
CVE-2025-33015 - HIGH
20/01/2026
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
CVE-2025-12985 - HIGH
20/01/2026
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
CVE-2025-14115 - HIGH
20/01/2026
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2025-15347 - HIGH
20/01/2026
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update...
CVE-2025-53912 - CRITICAL
20/01/2026
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
CVE-2026-22844 - CRITICAL
20/01/2026
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
CVE-2025-14533 - CRITICAL
20/01/2026
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: ...
CVE-2026-1221 - CRITICAL
20/01/2026
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.
CVE-2026-0899 - HIGH
20/01/2026
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-0900 - HIGH
20/01/2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-0902 - HIGH
20/01/2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-0906 - CRITICAL
20/01/2026
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-0907 - CRITICAL
20/01/2026
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-0908 - HIGH
20/01/2026
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-23949 - HIGH
20/01/2026
jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_fi...
CVE-2026-23950 - HIGH
20/01/2026
node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be p...
CVE-2026-23837 - CRITICAL
19/01/2026
MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication cookie (making req.user undefined), a request is incorrectly passed through to downstream handlers. All...
CVE-2026-23839 - CRITICAL
19/01/2026
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`. Version 0.70.0 fixes the issue.
CVE-2026-23840 - CRITICAL
19/01/2026
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryDeleted=`. Version 0.70.0 fixes the issue.
