
CVE & CWE: stay informed

CVE and CWE management: your shield against cyber threats.

Our CVE Find platform, dedicated to CVE and CWE management, provides real-time monitoring of vulnerabilities and common weaknesses, so our customers stay constantly informed of the latest developments in cybersecurity. Thanks to our advanced alerting system, you receive immediate notifications by SMS and email, ensuring maximum responsiveness to new threats.

With our service, you can secure your network and web infrastructure optimally, strengthening the protection of your critical data against intrusions and cyberattacks. At BEXXO, we provide you with the tools needed for a robust and proactive defence.

Email alerts

Alerts on the products you use

Determine the impact of risks on your products

Continuous updates

Explore our global solution

With CVE Find, explore the largest vulnerability database in the world.

CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed computer security flaws. The CVE programme aims to make it easier to share data between the various vulnerability detection capabilities, whether tools, databases or services. It also provides a standard for evaluating the coverage of these tools and services.

Access CVE Find

Continuous updates

Discover the latest critical CVEs published.

9.1 - CVE-2025-47275 - CRITICAL
15/05/2025

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: Applications using...

Tags: authorisation problem; OWASP: A07

>> More information on CVE Find

9.1 - CVE-2025-47928 - CRITICAL
15/05/2025

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possibl...

>> More information on CVE Find

9.4 - CVE-2025-47788 - CRITICAL
15/05/2025

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for the issue.

Tags: directory traversal; OWASP: A01

>> More information on CVE Find

8.3 - CVE-2025-47785 - HIGH
15/05/2025

Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and p...

Tags: SQL injection; OWASP: A03

>> More information on CVE Find

8.9 - CVE-2025-47787 - HIGH
15/05/2025

Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch f...

Tags: file inclusion; OWASP: A04

>> More information on CVE Find

8.5 - CVE-2025-30418 - HIGH
15/05/2025

There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior ver...

Tags: overflow

>> More information on CVE Find

8.5 - CVE-2025-30419 - HIGH
15/05/2025

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 ...

Tags: overflow

>> More information on CVE Find

8.5 - CVE-2025-30420 - HIGH
15/05/2025

There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and...

Tags: overflow

>> More information on CVE Find

8.5 - CVE-2025-30421 - HIGH
15/05/2025

There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Desig...

>> More information on CVE Find

8.5 - CVE-2025-30417 - HIGH
15/05/2025

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0...

Tags: overflow

>> More information on CVE Find

9.8 - CVE-2025-46052 - CRITICAL
15/05/2025

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php

Tags: SQL injection; OWASP: A03

>> More information on CVE Find

9.8 - CVE-2025-4564 - CRITICAL
15/05/2025

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-confi...

Tags: directory traversal; OWASP: A01

>> More information on CVE Find

9.3 - CVE-2025-32002 - CRITICAL
15/05/2025

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker may execute an arbitrary OS command.

Tags: OS command injection; OWASP: A03

>> More information on CVE Find

8.7 - CVE-2025-27523 - HIGH
15/05/2025

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.

Tags: OWASP: A05

>> More information on CVE Find

8.8 - CVE-2025-3053 - HIGH
15/05/2025

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible f...

Tags: code injection; OWASP: A03

>> More information on CVE Find

9.8 - CVE-2025-3917 - CRITICAL
15/05/2025

The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code ex...

Tags: file inclusion; OWASP: A04

>> More information on CVE Find

9.1 - CVE-2025-27891 - CRITICAL
14/05/2025

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.

Tags: overflow

>> More information on CVE Find

9.1 - CVE-2025-47884 - CRITICAL
14/05/2025

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.

Tags: OWASP: A01

>> More information on CVE Find

8.8 - CVE-2025-47885 - HIGH
14/05/2025

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.

Tags: cross-site scripting; OWASP: A03

>> More information on CVE Find

9.8 - CVE-2025-47889 - CRITICAL
14/05/2025

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

>> More information on CVE Find

Discover how bexxo can secure your company. Contact us today for a personalised consultation!

1099+ CVEs in the last 7 days
Last update: 2025-05-15 21:32

14399+ CVEs - Authorization problems

7594+ CVEs - Cross-Site Request Forgery

14747+ CVEs - SQL Injection

35789+ CVEs - Cross-site Scripting