Veille CVE

Alertes CVE par stack

Déclare ton stack (Laravel, Node.js, Docker…) et reçois un email dès qu'une faille CVE affecte tes technologies.

1,685 CVE trackés
124 Critiques
528 High
627 Cette semaine

CVEs récents

Mis à jour quotidiennement via NVD NIST

CVE-2025-59866 LOW CVSS 3.3

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to...

NVD

19 hours ago

CVE-2026-9588

A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template en...

NVD

20 hours ago

CVE-2026-9587

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and...

NVD

20 hours ago

CVE-2026-9586

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates th...

NVD

20 hours ago

CVE-2026-9585

An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supp...

NVD

20 hours ago

CVE-2026-8297 CRITICAL CVSS 9.8

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory...

NVD

20 hours ago

CVE-2026-63309 MEDIUM CVSS 4.3

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDE...

NVD

20 hours ago

CVE-2026-63308 MEDIUM CVSS 4.3

Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range...

NVD

20 hours ago

CVE-2026-63307 MEDIUM CVSS 6.5

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/{id} endpoint. The handler calls dataSourceService.queryExistent(id, ...) without...

NVD

20 hours ago

CVE-2026-63101 HIGH CVSS 7.5

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, nam...

NVD

20 hours ago

CVE-2026-57860 HIGH CVSS 7.8

ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A maliciou...

NVD

20 hours ago

CVE-2026-54496 CRITICAL CVSS 9.3

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget i...

NVD

20 hours ago

CVE-2026-49216

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, the Stimulus controller in symfony/ux-autocomplete renders AJAX response items in _createAutocompleteWithRemoteData...

NVD

20 hours ago

CVE-2026-49215

Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest() gates #[LiveAction] invoc...

NVD

20 hours ago

CVE-2026-49212

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\UX\LiveComponent\LiveComponentHydrator covered only sorted prop key/value pairs and di...

NVD

20 hours ago

CVE-2026-49211

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause() builds the LIKE expression used by the autocom...

NVD

20 hours ago

CVE-2026-49210

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml() interpolates the client-controlled childr...

NVD

20 hours ago

CVE-2026-49209

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::__invoke() iterates over the client-supplied actions arr...

NVD

20 hours ago

CVE-2026-49208

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a #[LiveProp] is typed as DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\Liv...

NVD

20 hours ago

CVE-2026-44722 MEDIUM CVSS 6.2

pyzipper is a replacement for Python's zipfile that can read and write AES encrypted zip files. Prior to 0.4.0, a Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to ne...

NVD

20 hours ago

Sois alerté dès qu'une faille touche ton stack

Email automatique avec description et recommandation de patch.

Créer un compte gratuit