🛡 SOC Cyber Wall v5
2026-04-02T16:07:10.829449+02:00 — 30-day window
P0: 13 P1: 12 KEV: 25 EPSS≥0.20: 11 Total: 125
P0 — Urgent: 13 (KEV + strong signal)
KEV exploited: 25 (last 14 days: 10 new)
High EPSS: 11 (≥ 0.20, exploitation probable)
Total findings: 125
Top 300 • sorted by score
Source status (latency)
• CISA KEV: 0.21s
• OSV.dev: 0.93s
• GHSA: 0.88s
• NVD: 61.32s
• EPSS: 0.54s
• VULNX: --
7-day trends (chart): KEV, P0, P1, EPSS↑
Top Vendors
• pip: 38
• composer: 29
• npm: 19
• go: 12
• Apple: 6
• Google: 3
• Citrix: 1
• F5: 1
• Aquasecurity: 1
• Langflow: 1
• Craft CMS: 1
• Laravel: 1
Top CWEs
• CWE-79: 20
• CWE-22: 13
• CWE-918: 7
• CWE-78: 4
• CWE-113: 4
• CWE-94: 3
• CWE-502: 3
• CWE-89: 3
🌐 Threat Intel — last 7 days
Heatmap CVSS × EPSS (visible findings)
Prio CVE Sev CVSS EPSS Score Vendor Product CWE Description Signals
P0 CVE-2026-3055 CRITICAL 9.8 0.443 162.0 Citrix NetScaler CWE-125 Citrix NetScaler Out-of-Bounds Read Vulnerability KEV EPSS↑ CWE!
P0 CVE-2017-7921 LOW 0.0 0.942 158.1 Hikvision Multiple Products Hikvision Multiple Products Improper Authentication Vulnerability KEV EPSS↑
P0 CVE-2021-22054 LOW 0.0 0.938 157.6 Omnissa Workspace One UEM Omnissa Workspace ONE Server-Side Request Forgery KEV EPSS↑
P0 CVE-2025-32432 LOW 0.0 0.877 150.2 Craft CMS Craft CMS Craft CMS Code Injection Vulnerability KEV EPSS↑
P0 CVE-2025-68613 LOW 0.0 0.792 140.0 n8n n8n n8n Improper Control of Dynamically-Managed Code Resources Vulnerability KEV EPSS↑
P0 CVE-2026-1603 LOW 0.0 0.654 123.5 Ivanti Endpoint Manager (EPM) Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability KEV EPSS↑
P0 CVE-2026-33634 HIGH 8.8 0.212 123.2 Aquasecurity Trivy CWE-506 Aquasecurity Trivy Embedded Malicious Code Vulnerability KEV EPSS↑
P0 CVE-2026-33017 CRITICAL 9.8 0.057 115.6 Langflow Langflow CWE-94 Langflow Code Injection Vulnerability KEV CWE!
P0 CVE-2026-20131 CRITICAL 10.0 0.006 110.7 Cisco Secure Firewall Management Center (FMC) CWE-502 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability KEV CWE!
P1 CVE-2026-3910 HIGH 8.8 0.015 104.6 Google Chromium V8 CWE-94 Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability KEV CWE!
P0 CVE-2025-54068 LOW 0.0 0.489 103.6 Laravel Livewire Laravel Livewire Code Injection Vulnerability KEV EPSS↑
P1 CVE-2026-3909 HIGH 8.8 0.005 103.4 Google Skia CWE-787 Google Skia Out-of-Bounds Write Vulnerability KEV CWE!
P1 CVE-2026-5281 HIGH 8.8 0.000 102.8 Google Dawn CWE-416 Google Dawn Use-After-Free Vulnerability KEV CWE!
P0 CVE-2025-53521 LOW 0.0 0.414 94.7 F5 BIG-IP F5 BIG-IP Unspecified Vulnerability KEV EPSS↑
P0 CVE-2025-26399 LOW 0.0 0.282 78.9 SolarWinds Web Help Desk SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability KEV EPSS↑
P0 CVE-2025-47813 LOW 0.0 0.204 69.5 Wing FTP Server Wing FTP Server Wing FTP Server Information Disclosure Vulnerability KEV EPSS↑
P2 CVE-2026-4370 CRITICAL 10.0 0.000 65.0 go github.com/juju/juju CWE-287 Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster CWE!
P2 CVE-2026-34571 CRITICAL 10.0 0.000 65.0 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise CWE!
P2 CVE-2026-34569 CRITICAL 10.0 0.000 65.0 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P2 CVE-2026-34934 CRITICAL 9.8 0.000 63.8 pip praisonai CWE-89 PraisonAI Has Second-Order SQL Injection in `get_all_user_threads` CWE!
P2 CVE-2026-34935 CRITICAL 9.8 0.000 63.8 pip praisonai CWE-78 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() CWE!
P2 CVE-2026-4789 MEDIUM 9.8 0.000 63.8 go github.com/kyverno/kyverno CWE-918 Kyverno is vulnerable to server-side request forgery (SSRF) CWE!
P1 CVE-2021-22681 LOW 0.0 0.129 60.5 Rockwell Multiple Products Rockwell Multiple Products Insufficient Protected Credentials Vulnerability KEV
P2 CVE-2026-34938 CRITICAL 10.0 0.000 60.0 pip praisonaiagents CWE-693 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
P3 CVE-2026-34952 CRITICAL 9.1 0.000 59.6 pip praisonai CWE-306 PraisonAI Has Missing Authentication in WebSocket Gateway CWE!
P3 CVE-2026-34568 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34567 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34566 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34565 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34564 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34563 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS CWE!
P3 CVE-2026-34560 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34559 CRITICAL 9.1 0.000 59.6 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34955 HIGH 8.8 0.000 57.8 pip praisonai CWE-78 PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox CWE!
P3 CVE-2026-34940 HIGH 8.7 0.000 57.2 go github.com/kubeai-project/kubeai CWE-78 KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods CWE!
P3 CVE-2026-34728 HIGH 8.7 0.000 57.2 composer phpmyfaq/phpmyfaq CWE-22 phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController CWE!
P3 CVE-2026-34748 HIGH 8.7 0.000 57.2 npm @payloadcms/next CWE-79 @payloadcms/next has Stored XSS in Admin Panel CWE!
P1 CVE-2025-66376 LOW 0.0 0.100 57.0 Synacor Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability KEV
P3 CVE-2026-34954 HIGH 8.6 0.000 56.6 pip praisonaiagents CWE-918 PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL CWE!
P3 CVE-2026-34445 HIGH 8.6 0.000 56.6 pip onnx CWE-20 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. CWE!
P3 CVE-2026-34747 HIGH 8.5 0.000 56.0 npm payload CWE-89 Payload has an SQL Injection via Query Handling CWE!
P3 CVE-2026-34725 HIGH 8.3 0.000 54.8 npm dbgate-web CWE-79 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration CWE!
P3 CVE-2026-34524 HIGH 8.3 0.000 54.8 npm sillytavern CWE-22 SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root CWE!
P3 CVE-2026-34953 CRITICAL 9.1 0.000 54.6 pip praisonai CWE-863 PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
P3 CVE-2026-4800 HIGH 8.1 0.000 53.6 npm lodash CWE-94 lodash vulnerable to Code Injection via `_.template` imports key names CWE!
P3 CVE-2026-34783 HIGH 8.1 0.000 53.6 go github.com/MontFerret/ferret/v2 CWE-22 Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites CWE!
P3 CVE-2026-34522 HIGH 8.1 0.000 53.6 npm sillytavern CWE-22 SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory CWE!
P3 CVE-2026-34570 HIGH 8.8 0.000 52.8 composer ci4-cms-erp/ci4ms CWE-284 CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
P1 CVE-2026-20963 LOW 0.0 0.062 52.4 Microsoft SharePoint Microsoft SharePoint Deserialization of Untrusted Data Vulnerability KEV
P3 CVE-2026-34937 HIGH 7.8 0.000 51.8 pip praisonaiagents CWE-78 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution CWE!
P3 CVE-2026-24159 HIGH 7.8 0.000 51.8 pip nemo-toolkit CWE-502 NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution CWE!
P3 CVE-2026-24157 HIGH 7.8 0.000 51.8 pip nemo-toolkit CWE-502 NVIDIA NeMo Framework contains an RCE vulnerability in checkpoint loading CWE!
P3 CVE-2026-34936 HIGH 7.7 0.000 51.2 pip praisonai CWE-918 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback CWE!
P3 CVE-2026-34746 HIGH 7.7 0.000 51.2 npm payload CWE-918 Payload has Authenticated SSRF via Upload Functionality CWE!
P3 CVE-2026-34731 HIGH 7.5 0.000 50.0 composer wwbn/avideo CWE-306 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php CWE!
P3 CVE-2026-34581 HIGH 8.1 0.000 48.6 go github.com/patrickhener/goshs CWE-288 goshs has Auth Bypass via Share Token
P3 CVE-2026-34572 HIGH 8.0 0.000 48.0 composer ci4-cms-erp/ci4ms CWE-284 CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
P3 GHSA-q56x-g2fj-4rj6 HIGH 7.1 0.000 47.6 pip onnx CWE-22 ONNX: TOCTOU arbitrary file read/write in save_external_dat CWE!
P1 CVE-2021-30952 LOW 0.0 0.013 46.5 Apple Multiple Products Apple Multiple Products Integer Overflow or Wraparound Vulnerability KEV
P1 CVE-2025-43520 LOW 0.0 0.005 45.6 Apple Multiple Products Apple Multiple Products Classic Buffer Overflow Vulnerability KEV
P1 CVE-2025-43510 LOW 0.0 0.005 45.5 Apple Multiple Products Apple Multiple Products Improper Locking Vulnerability KEV
P1 CVE-2025-31277 LOW 0.0 0.002 45.2 Apple Multiple Products Apple Multiple Products Buffer Overflow Vulnerability KEV
P1 CVE-2023-41974 LOW 0.0 0.002 45.2 Apple iOS and iPadOS Apple iOS and iPadOS Use-After-Free Vulnerability KEV
P1 CVE-2023-43000 LOW 0.0 0.001 45.1 Apple Multiple Products Apple Multiple products Use-After-Free Vulnerability KEV
P3 GHSA-32wq-ppwg-3w4m HIGH 7.5 0.000 45.0 nuget EnhancedLinq.Async CWE-129 EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
P3 CVE-2026-34784 HIGH 7.5 0.000 45.0 npm parse-server CWE-285 Parse Server's streaming file download bypasses afterFind file trigger authorization
P3 CVE-2026-34740 MEDIUM 6.5 0.000 44.0 composer wwbn/avideo CWE-918 AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation CWE!
P3 CVE-2026-34750 MEDIUM 6.5 0.000 44.0 npm @payloadcms/storage-azure CWE-22 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints CWE!
P3 CVE-2026-34613 MEDIUM 6.5 0.000 44.0 composer wwbn/avideo CWE-352 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins CWE!
P3 CVE-2026-34611 MEDIUM 6.5 0.000 44.0 composer wwbn/avideo CWE-352 AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users CWE!
P3 CVE-2026-34716 MEDIUM 6.4 0.000 43.4 composer wwbn/avideo CWE-79 AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification CWE!
P3 GHSA-w2fm-25vw-vh7f HIGH 7.1 0.000 42.6 npm mcp-handler CWE-362 mcp-handler has a tool response leak across concurrent client sessions ('Race Condition')
P3 CVE-2026-34828 HIGH 7.1 0.000 42.6 go github.com/knadh/listmonk CWE-613 listmonk's active sessions remain valid after password reset and password change
P3 CVE-2026-34739 MEDIUM 6.1 0.000 41.6 composer wwbn/avideo CWE-79 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php CWE!
P3 GHSA-gmpc-fxg2-vcmq MEDIUM 6.1 0.000 41.6 composer wwbn/avideo CWE-79 AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin CWE!
P3 CVE-2026-34729 MEDIUM 6.1 0.000 41.6 composer phpmyfaq/phpmyfaq CWE-79 phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() CWE!
P3 CVE-2026-34737 MEDIUM 6.5 0.000 39.0 composer wwbn/avideo CWE-862 AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
P3 CVE-2026-2950 MEDIUM 6.5 0.000 39.0 npm lodash CWE-1321 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
P3 CVE-2026-34939 MEDIUM 6.5 0.000 39.0 pip praisonai CWE-1333 PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
P3 CVE-2026-34733 MEDIUM 6.5 0.000 39.0 composer wwbn/avideo CWE-284 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
P3 CVE-2026-34730 MEDIUM 5.5 0.000 38.0 pip copier CWE-22 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode CWE!
P3 CVE-2026-34447 MEDIUM 5.5 0.000 38.0 pip onnx CWE-22 ONNX: External Data Symlink Traversal CWE!
P3 CVE-2026-30587 MEDIUM 5.4 0.000 37.4 npm @seafile/sdoc-editor CWE-79 Seafile Server has multiple stored XSS vulnerabilities CWE!
P3 CVE-2026-34974 MEDIUM 5.4 0.000 37.4 composer thorsten/phpmyfaq CWE-79 phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation CWE!
P3 CVE-2026-34749 MEDIUM 5.4 0.000 37.4 npm payload CWE-352 Payload has a CSRF Protection Bypass in Authentication Flow CWE!
P3 CVE-2026-34523 MEDIUM 5.3 0.000 36.8 npm sillytavern CWE-22 SillyTavern: Path Traversal allows file existence oracle CWE!
P3 CVE-2026-34732 MEDIUM 5.3 0.000 36.8 composer wwbn/avideo CWE-306 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints CWE!
P3 GHSA-prxj-3gcv-cqrh MEDIUM 5.9 0.000 35.4 go github.com/teslamotors/fleet-telemetry CWE-295 Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials
P3 CVE-2026-34881 MEDIUM 5.0 0.000 35.0 pip glance CWE-918 OpenStack Glance is affected by Server-Side Request Forgery (SSRF) CWE!
P3 CVE-2026-34526 MEDIUM 5.0 0.000 35.0 npm sillytavern CWE-918 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 CWE!
P3 CVE-2026-34761 MEDIUM 5.8 0.000 34.8 go github.com/ellanetworks/core CWE-476 Ella Core Panics Upon NGAP handover failure
P3 CVE-2026-34562 MEDIUM 4.7 0.000 33.2 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34561 MEDIUM 4.7 0.000 33.2 composer ci4-cms-erp/ci4ms CWE-79 CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CWE!
P3 CVE-2026-34446 MEDIUM 4.7 0.000 33.2 pip onnx CWE-22 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load CWE!
P3 CVE-2026-34715 MEDIUM 5.3 0.000 31.8 erlang ewe CWE-113 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)
P3 GHSA-x3ff-w252-2g7j MEDIUM 5.3 0.000 31.8 npm @stablelib/ed25519 CWE-347 StableLib Ed25519 Signature Malleability via Missing S < L Check
P3 CVE-2026-34726 MEDIUM 4.4 0.000 31.4 pip copier CWE-22 Copier `_subdirectory` allows template root escape via parent-directory traversal CWE!
P3 CVE-2026-32794 MEDIUM 4.8 0.000 28.8 pip apache-airflow CWE-295 Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange
P3 GHSA-rxmp-8h9v-56cx MEDIUM 4.4 0.000 26.4 go github.com/netbirdio/netbird CWE-362 NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner
P3 GHSA-5qvp-pr9f-2g2v MEDIUM 4.4 0.000 26.4 pip poetry-plugin-tweak-dependencies-version CWE-377 poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645
P3 CVE-2026-34738 MEDIUM 4.3 0.000 25.8 composer wwbn/avideo CWE-285 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
P3 CVE-2026-34762 LOW 2.7 0.000 21.2 go github.com/ellanetworks/core CWE-20 Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber CWE!
P3 CVE-2026-34825 HIGH 0.0 0.000 5.0 npm @nocobase/plugin-workflow-sql CWE-89 NocoBase Has SQL Injection via template variable substitution in workflow SQL node CWE!
P3 CVE-2026-34591 HIGH 0.0 0.000 5.0 pip poetry CWE-22 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write CWE!
P3 CVE-2026-34525 MEDIUM 0.0 0.000 5.0 pip aiohttp CWE-20 AIOHTTP accepts duplicate Host headers CWE!
P3 CVE-2026-34451 MEDIUM 0.0 0.000 5.0 npm @anthropic-ai/sdk CWE-22 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories CWE!
P3 CVE-2026-34973 MEDIUM 0.0 0.000 0.0 composer thorsten/phpmyfaq CWE-943 phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
P3 CVE-2026-34969 LOW 0.0 0.000 0.0 go github.com/nhost/nhost CWE-200 Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
P3 CVE-2026-34752 HIGH 0.0 0.000 0.0 npm Haraka CWE-248 Haraka affected by DoS via `__proto__` email header
P3 CVE-2026-34520 LOW 0.0 0.000 0.0 pip aiohttp CWE-113 AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
P3 CVE-2026-34519 LOW 0.0 0.000 0.0 pip aiohttp CWE-113 AIOHTTP has HTTP response splitting via \r in reason phrase
P3 CVE-2026-34518 LOW 0.0 0.000 0.0 pip aiohttp CWE-200 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
P3 CVE-2026-34517 LOW 0.0 0.000 0.0 pip aiohttp CWE-770 AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
P3 CVE-2026-34516 MEDIUM 0.0 0.000 0.0 pip aiohttp CWE-770 AIOHTTP has a Multipart Header Size Bypass
P3 CVE-2026-34515 MEDIUM 0.0 0.000 0.0 pip aiohttp CWE-36 AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
P3 CVE-2026-34514 LOW 0.0 0.000 0.0 pip aiohttp CWE-113 AIOHTTP has CRLF injection through multipart part content type header construction
P3 CVE-2026-34513 LOW 0.0 0.000 0.0 pip aiohttp CWE-770 AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
P3 CVE-2026-34452 MEDIUM 0.0 0.000 0.0 pip anthropic CWE-59 Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
P3 CVE-2026-34450 MEDIUM 0.0 0.000 0.0 pip anthropic CWE-276 Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
P3 GHSA-c65f-x25w-62jv MEDIUM 0.0 0.000 0.0 pip openssl-encrypt CWE-863 openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers
P3 GHSA-4rh7-jwg9-m28m MEDIUM 0.0 0.000 0.0 pip openssl-encrypt CWE-598 openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage
P3 GHSA-2vhw-q7vh-7xv2 MEDIUM 0.0 0.000 0.0 pip openssl-encrypt CWE-201 openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers
P3 GHSA-hvc7-763r-4f3h MEDIUM 0.0 0.000 0.0 pip openssl-encrypt CWE-862 openssl-encrypt has no owner verification on key revocation — any client can revoke any key
P3 GHSA-8h88-gxp3-j7pg MEDIUM 0.0 0.000 0.0 pip openssl-encrypt CWE-347 openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys
P3 CVE-2026-34742 HIGH 0.0 0.000 0.0 go github.com/modelcontextprotocol/go-sdk CWE-1188 DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost