Gestion des CVE et CWE : Votre bouclier contre les Menaces Cyber.
Notre plateforme CVE Find, dédiée à la gestion des CVE et CWE, offre une surveillance en temps réel des vulnérabilités et des faiblesses courantes. Cela permet à nos clients de rester constamment informés des dernières évolutions en matière de cybersécurité. Grâce à notre système d'alerte avancé, vous recevrez des notifications immédiates par SMS et email, garantissant ainsi une réactivité maximale face aux nouvelles menaces.
Avec notre service, vous pourrez sécuriser de manière optimale votre infrastructure réseau et web, renforçant ainsi la protection de vos données critiques contre les intrusions et les cyberattaques. Chez BEXXO, nous vous fournissons les outils nécessaires pour une défense robuste et proactive.
Alerte par Email
Alerte sur les produits que vous utilisez
Déterminer l'impact des risques sur vos produits
Mise à jour permanente
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Restez en avance avec les dernières failles critiques de sécurité.
CVE-2025-66295 - HIGH
01/12/2025
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences (for example ..\Nijat or ../Nijat), Grav writes the account YAML file to an unintended path outside user/accounts/. The written YAML can contain account fields such as email, fullname, twofa_secret...
directorytraversalOWSAP: A01
CVE-2025-66296 - HIGH
01/12/2025
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This ef...
priviliegemanagementOWSAP: A04
CVE-2025-66299 - HIGH
01/12/2025
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read...
codeinjectionOWSAP: A03
CVE-2025-66300 - HIGH
01/12/2025
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account by resetting a password...
directorytraversalOWSAP: A01
CVE-2025-66401 - CRITICAL
01/12/2025
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host mach...
oscommandinjectionOWSAP: A03
CVE-2024-48882 - HIGH
01/12/2025
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
authorisationproblemOWSAP: A07
CVE-2025-12106 - CRITICAL
01/12/2025
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
CVE-2025-23417 - HIGH
01/12/2025
A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
authorisationproblemOWSAP: A07
CVE-2025-26858 - HIGH
01/12/2025
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
OWSAP: A03
CVE-2025-3500 - CRITICAL
01/12/2025
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.
CVE-2025-55221 - HIGH
01/12/2025
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.This vulnerability is specific to the malicious message sent via Modbus TCP over port 502.
authorisationproblemOWSAP: A07
CVE-2025-55222 - HIGH
01/12/2025
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.This vulnerability is specific to the malicious message sent via Modbus RTU over TCP on port 503.
authorisationproblemOWSAP: A07
CVE-2025-63525 - CRITICAL
01/12/2025
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.
CVE-2025-63526 - HIGH
01/12/2025
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when the page is viewed.
crosssitescriptingOWSAP: A03
CVE-2025-63527 - HIGH
01/12/2025
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the v...
crosssitescriptingOWSAP: A03
CVE-2025-63528 - HIGH
01/12/2025
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed.
crosssitescriptingOWSAP: A03
CVE-2025-63529 - HIGH
01/12/2025
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to t...
OWSAP: A07
CVE-2025-63531 - CRITICAL
01/12/2025
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.
sqlinjectionOWSAP: A03
CVE-2025-63532 - CRITICAL
01/12/2025
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.
sqlinjectionOWSAP: A03
CVE-2025-63533 - HIGH
01/12/2025
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rcity parameters, which are then executed in the v...
crosssitescriptingOWSAP: A03
