Gestion des CVE et CWE : Votre bouclier contre les Menaces Cyber.
Notre plateforme CVE Find, dédiée à la gestion des CVE et CWE, offre une surveillance en temps réel des vulnérabilités et des faiblesses courantes. Cela permet à nos clients de rester constamment informés des dernières évolutions en matière de cybersécurité. Grâce à notre système d'alerte avancé, vous recevrez des notifications immédiates par SMS et email, garantissant ainsi une réactivité maximale face aux nouvelles menaces.
Avec notre service, vous pourrez sécuriser de manière optimale votre infrastructure réseau et web, renforçant ainsi la protection de vos données critiques contre les intrusions et les cyberattaques. Chez BEXXO, nous vous fournissons les outils nécessaires pour une défense robuste et proactive.
Alerte par Email
Alerte sur les produits que vous utilisez
Déterminer l'impact des risques sur vos produits
Mise à jour permanente
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Restez en avance avec les dernières failles critiques de sécurité.
CVE-2026-3826 - CRITICAL
11/03/2026
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
OWSAP: A03
CVE-2026-31844 - HIGH
11/03/2026
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and expo...
sqlinjectionOWSAP: A03
CVE-2026-27842 - CRITICAL
11/03/2026
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
OWSAP: A07
CVE-2026-24448 - CRITICAL
11/03/2026
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
OWSAP: A07
CVE-2023-27573 - CRITICAL
11/03/2026
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of ...
CVE-2025-13067 - HIGH
11/03/2026
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the af...
fileinclusionOWSAP: A04
CVE-2026-23814 - HIGH
11/03/2026
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
CVE-2026-23813 - CRITICAL
11/03/2026
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.
CVE-2026-21290 - HIGH
11/03/2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A ...
crosssitescriptingOWSAP: A03
CVE-2026-21333 - HIGH
10/03/2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
OWSAP: A08
CVE-2026-31824 - HIGH
10/03/2026
Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit (the global used counter on Promotion entities), coupon usage limit (the global used counter on PromotionCoupon entities), and coupon per-customer usage limit (the p...
CVE-2026-31817 - HIGH
10/03/2026
OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowi...
directorytraversalOWSAP: A01
CVE-2026-30966 - CRITICAL
10/03/2026
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required. An attacker can create, read, update,...
OWSAP: A01
CVE-2026-0123 - HIGH
10/03/2026
In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
overflow
CVE-2026-0122 - HIGH
10/03/2026
In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
overflow
CVE-2026-28495 - CRITICAL
10/03/2026
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling a remote unauthenticated attacker to exploit this via Cross-Site Request Forgery against a logged-in...
csrfOWSAP: A01
CVE-2026-27825 - CRITICAL
10/03/2026
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary conten...
directorytraversalOWSAP: A01OWSAP: A04
CVE-2025-48611 - CRITICAL
10/03/2026
In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-28292 - CRITICAL
10/03/2026
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.
oscommandinjectionOWSAP: A03
CVE-2026-27826 - HIGH
10/03/2026
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is require...
ssrfOWSAP: A10
