Gestion des CVE et CWE : Votre bouclier contre les Menaces Cyber.
Notre plateforme CVE Find, dédiée à la gestion des CVE et CWE, offre une surveillance en temps réel des vulnérabilités et des faiblesses courantes. Cela permet à nos clients de rester constamment informés des dernières évolutions en matière de cybersécurité. Grâce à notre système d'alerte avancé, vous recevrez des notifications immédiates par SMS et email, garantissant ainsi une réactivité maximale face aux nouvelles menaces.
Avec notre service, vous pourrez sécuriser de manière optimale votre infrastructure réseau et web, renforçant ainsi la protection de vos données critiques contre les intrusions et les cyberattaques. Chez BEXXO, nous vous fournissons les outils nécessaires pour une défense robuste et proactive.
Alerte par Email
Alerte sur les produits que vous utilisez
Déterminer l'impact des risques sur vos produits
Mise à jour permanente
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Restez en avance avec les dernières failles critiques de sécurité.
CVE-2026-28292 - CRITICAL
10/03/2026
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.
oscommandinjectionOWSAP: A03
CVE-2026-27826 - HIGH
10/03/2026
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is require...
ssrfOWSAP: A10
CVE-2026-3847 - HIGH
10/03/2026
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.
overflowmemorycorruption
CVE-2026-3845 - HIGH
10/03/2026
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
CVE-2026-3843 - CRITICAL
10/03/2026
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=
sqlinjectionOWSAP: A03
CVE-2026-30957 - CRITICAL
10/03/2026
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page objects are exposed to it. A...
CVE-2026-30956 - CRITICAL
10/03/2026
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, internal permission checks in BasePermission are skipped and...
authorisationproblemOWSAP: A01
CVE-2026-30944 - HIGH
10/03/2026
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target user ID...
authorisationproblemOWSAP: A01
CVE-2026-30934 - HIGH
10/03/2026
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/
crosssitescriptingOWSAP: A03
CVE-2026-26118 - HIGH
10/03/2026
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
ssrfOWSAP: A10
CVE-2026-26116 - HIGH
10/03/2026
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
sqlinjectionOWSAP: A03
CVE-2026-26115 - HIGH
10/03/2026
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
inputvalidation
CVE-2026-26114 - HIGH
10/03/2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
OWSAP: A08
CVE-2026-26113 - HIGH
10/03/2026
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
overflow
CVE-2026-26111 - HIGH
10/03/2026
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2026-26110 - HIGH
10/03/2026
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26109 - HIGH
10/03/2026
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
overflow
CVE-2026-26106 - HIGH
10/03/2026
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
OWSAP: A03
CVE-2026-25188 - HIGH
10/03/2026
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-25177 - HIGH
10/03/2026
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
