background

CVE & CWE, restez informé

Gestion des CVE et CWE : Votre bouclier contre les Menaces Cyber.

Notre plateforme CVE Find, dédiée à la gestion des CVE et CWE, offre une surveillance en temps réel des vulnérabilités et des faiblesses courantes. Cela permet à nos clients de rester constamment informés des dernières évolutions en matière de cybersécurité. Grâce à notre système d'alerte avancé, vous recevrez des notifications immédiates par SMS et email, garantissant ainsi une réactivité maximale face aux nouvelles menaces.

Avec notre service, vous pourrez sécuriser de manière optimale votre infrastructure réseau et web, renforçant ainsi la protection de vos données critiques contre les intrusions et les cyberattaques. Chez BEXXO, nous vous fournissons les outils nécessaires pour une défense robuste et proactive.

icon

Alerte par Email

icon

Alerte sur les produits que vous utilisez

icon

Déterminer l'impact des risques sur vos produits

icon

Mise à jour permanente

Explorez notre solution mondiale

Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.

Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.

Accédez à CVE Find
Mise à jour permanente

Découvrez les derniers CVE critiques publiés.

Précédent
Prochain
8.8

CVE-2025-34491 - HIGH
28/04/2025

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.

OWSAP: A08

>> Plus d'informations avec CVE Find

9.9

CVE-2015-2079 - CRITICAL
28/04/2025

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

OWSAP: A03

>> Plus d'informations avec CVE Find

10

CVE-2025-46661 - CRITICAL
28/04/2025

IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier.

>> Plus d'informations avec CVE Find
9.1

CVE-2025-3200 - CRITICAL
28/04/2025

An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.

OWSAP: A02

>> Plus d'informations avec CVE Find

8.4

CVE-2025-42598 - HIGH
28/04/2025

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.

OWSAP: A01

>> Plus d'informations avec CVE Find

8.7

CVE-2025-4007 - HIGH
28/04/2025

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3993 - HIGH
28/04/2025

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

9.2

CVE-2025-26692 - CRITICAL
27/04/2025

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running.

directorytraversalOWSAP: A01

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3991 - HIGH
27/04/2025

A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3992 - HIGH
28/04/2025

A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3990 - HIGH
27/04/2025

A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3989 - HIGH
27/04/2025

A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3988 - HIGH
27/04/2025

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

overflow

>> Plus d'informations avec CVE Find

8.4

CVE-2025-46579 - HIGH
27/04/2025

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

codeinjectionOWSAP: A03

>> Plus d'informations avec CVE Find

8.6

CVE-2025-2851 - HIGH
26/04/2025

A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B...

overflow

>> Plus d'informations avec CVE Find

8.8

CVE-2025-3906 - HIGH
26/04/2025

The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Admini...

authorisationproblemOWSAP: A01

>> Plus d'informations avec CVE Find

8.8

CVE-2025-3914 - HIGH
26/04/2025

The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code executio...

fileinclusionOWSAP: A04

>> Plus d'informations avec CVE Find

8.8

CVE-2024-13808 - HIGH
26/04/2025

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

codeinjectionOWSAP: A03

>> Plus d'informations avec CVE Find

9.8

CVE-2025-25775 - CRITICAL
25/04/2025

Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.

sqlinjectionOWSAP: A03

>> Plus d'informations avec CVE Find

8.7

CVE-2025-3928 - HIGH
25/04/2025

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

>> Plus d'informations avec CVE Find
Découvrez comment bexxo peut sécuriser votre entreprise. N'hésitez pas à nous contacter pour une consultation personnalisée dès aujourd'hui !
585+ CVE
Ces 7 Derniers Jours
Dernière mise à jour : 2025-04-29 02:03

Gestion des CVE et CWE : Votre bouclier contre les Menaces Cyber.

14225+ CVE - Authorization problems

7484+ CVE - Cross-Site Request Forgery

14554+ CVE - SQL Injection

35400+ CVE - Cross-site Scripting