Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessive... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25235 NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25242 One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers c... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-33574 OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy o... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-40169 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a ya... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-35406 Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25616 AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into th... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-71280 XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensi... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-29628 A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file. | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25617 Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25556 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Atta... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25677 WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25589 ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attack... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25184 Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory t... | 6.2 | MEDIUM | β | 0 |
| CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipul... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25557 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp fil... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25198 eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 ... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25234 SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can past... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25618 AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25558 Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can p... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25572 NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25485 R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafte... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25226 FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trig... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25563 PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability throug... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25601 UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25484 WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a la... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25477 RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can cra... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25475 SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of dat... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25474 Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file co... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25469 Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers ca... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25599 Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25569 RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25463 SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an exc... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25598 HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers c... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25214 MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger funct... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25567 Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input st... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25595 jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attack... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25655 Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection d... | 6.2 | MEDIUM | β | 0 |
| CVE-2016-20050 NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-3778 The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25566 TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a mal... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-35480 go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on I... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25594 ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25596 SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25667 TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively lo... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25252 FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can crea... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-41762 An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-31053 A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple t... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25253 Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Att... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-29066 Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. Thi... | 6.2 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.