CVE & CWE, stay informed

Monitor CVE/CWE vulnerabilities in real time with our CVE Find platform, with instant alerts and proactive protection of your infrastructure.

CVE and CWE Management: Your Shield Against Cyber Threats.

Our CVE Find platform, dedicated to CVE and CWE management, provides real-time monitoring of vulnerabilities and common weaknesses. This keeps our customers continuously informed of the latest developments in cybersecurity. Thanks to our advanced alerting system, you will receive immediate notifications by SMS and email, ensuring maximum responsiveness to new threats.

With our service, you can optimally secure your network and web infrastructure, strengthening the protection of your critical data against intrusions and cyberattacks. At BEXXO, we provide you with the tools you need for a robust and proactive defense.

Email alerts

Alerts on the products you use

Determine the impact of risks on your products

Continuously updated

Explore our worldwide solution

With CVE Find, explore the largest vulnerability database in the world.

CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed computer security flaws. The CVE program aims to facilitate data sharing across different vulnerability detection capabilities, whether tools, databases or services. It also provides a standard for evaluating the coverage of these tools and services.

Go to CVE Find
Continuously updated

Stay ahead with the latest critical security flaws.

8.8

CVE-2026-1720 - HIGH
05/03/2026

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install_and_active_plugin' function in all versions up to, and including, 1.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install...

authorisation problem, OWASP: A01

9.8

CVE-2026-2599 - CRITICAL
05/03/2026

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'download_csv' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability ha...

OWASP: A08

9.6

CVE-2026-28536 - CRITICAL
05/03/2026

Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

9.4

CVE-2026-1678 - CRITICAL
05/03/2026

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.

overflow

8.5

CVE-2026-28134 - HIGH
05/03/2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion. This issue affects JetEngine: from n/a through <= 3.7.2.

code injection, OWASP: A03

9.3

CVE-2025-69338 - CRITICAL
05/03/2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection. This issue affects Riode Core: from n/a through <= 1.6.26.

SQL injection, OWASP: A03

9.9

CVE-2025-68555 - CRITICAL
05/03/2026

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server. This issue affects Nutrie: from n/a through < 2.0.1.

file inclusion, OWASP: A04

9.9

CVE-2025-68553 - CRITICAL
05/03/2026

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server. This issue affects Lendiz: from n/a through < 2.0.1.

file inclusion, OWASP: A04

9.8

CVE-2025-54001 - CRITICAL
05/03/2026

Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection. This issue affects Classter: from n/a through <= 2.5.

OWASP: A08

9.1

CVE-2024-57854 - CRITICAL
05/03/2026

Net::NSCA::Client versions through 0.009002 for Perl use a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.

OWASP: A02

9.8

CVE-2026-3381 - CRITICAL
05/03/2026

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for CVE-2026-27171.

9.8

CVE-2026-3257 - CRITICAL
05/03/2026

UnQLite versions through 0.06 for Perl use a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module use a version of the library from 2014 that may be vulnerable to a heap-based overflow.

9.1

CVE-2025-40931 - CRITICAL
05/03/2026

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns an MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date ...

OWASP: A02

9.8

CVE-2025-40926 - CRITICAL
05/03/2026

Plack::Middleware::Session::Simple versions through 0.04 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cr...

OWASP: A02

10

CVE-2026-29000 - CRITICAL
04/03/2026

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user incl...

OWASP: A02

8.3

CVE-2026-27803 - HIGH
04/03/2026

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.

privilege management, authorisation problem, OWASP: A04, OWASP: A01

8.3

CVE-2026-27802 - HIGH
04/03/2026

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.

privilege management, authorisation problem, OWASP: A04, OWASP: A01

9.8

CVE-2025-70222 - CRITICAL
04/03/2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin, goform/getAuthCode.

9.8

CVE-2025-70225 - CRITICAL
04/03/2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component.

9.8

CVE-2025-70221 - CRITICAL
04/03/2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.

Discover how bexxo can secure your business. Contact us today for a personalized consultation!
1211+ CVE
In the last 7 days
Last updated: 2026-03-05 20:14


18470+ CVE - Authorization problems

8751+ CVE - Cross-Site Request Forgery

17975+ CVE - SQL Injection

42153+ CVE - Cross-site Scripting