CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-5805 Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Electron: from n/a through <= 1.8.2. | 8.8 | HIGH | β | 0 |
| CVE-2026-24345 Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI | 8.8 | HIGH | β | 0 |
| CVE-2025-69328 Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection. This issue affects Booking and Rental Ma... | 8.8 | HIGH | β | 0 |
| CVE-2025-62106 Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a throu... | 8.8 | HIGH | β | 0 |
| CVE-2026-22472 Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form Builder: ... | 8.8 | HIGH | β | 0 |
| CVE-2026-1138 A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performe... | 8.8 | HIGH | β | 0 |
| CVE-2026-1139 A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possibl... | 8.8 | HIGH | β | 0 |
| CVE-2025-63018 Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bard: from n/a through <= 2.229. | 8.8 | HIGH | β | 0 |
| CVE-2025-66135 Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Imager for Elementor: ... | 8.8 | HIGH | β | 0 |
| CVE-2025-66136 Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Carter for Elementor: ... | 8.8 | HIGH | β | 0 |
| CVE-2025-66137 Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Searcher for Eleme... | 8.8 | HIGH | β | 0 |
| CVE-2025-66138 Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motionger for El... | 8.8 | HIGH | β | 0 |
| CVE-2026-1140 A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch... | 8.8 | HIGH | β | 0 |
| CVE-2025-67619 Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection. This issue affects Kids Heaven: from n/a through <= 3.2. | 8.8 | HIGH | β | 0 |
| CVE-2026-1143 A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid c... | 8.8 | HIGH | β | 0 |
| CVE-2025-67966 Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation. This issue affects Lawyer Directory: from n/a through <= 1.3.3. | 8.8 | HIGH | β | 0 |
| CVE-2026-24440 Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing pa... | 8.8 | HIGH | β | 0 |
| CVE-2026-24428 Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the ad... | 8.8 | HIGH | β | 0 |
| CVE-2022-50898 NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary... | 8.8 | HIGH | β | 0 |
| CVE-2025-36640 A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. | 8.8 | HIGH | β | 0 |
| CVE-2026-1155 A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument... | 8.8 | HIGH | β | 0 |
| CVE-2026-24685 OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject's repository diff download endpoint ... | 8.8 | HIGH | β | 0 |
| CVE-2025-15347 The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability ... | 8.8 | HIGH | β | 0 |
| CVE-2025-59106 The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to... | 8.8 | HIGH | β | 0 |
| CVE-2025-69517 An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/new... | 8.8 | HIGH | β | 0 |
| CVE-2025-58150 Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That si... | 8.8 | HIGH | β | 0 |
| CVE-2025-61973 A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, whic... | 8.8 | HIGH | β | 0 |
| CVE-2026-1420 A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote explo... | 8.8 | HIGH | β | 0 |
| CVE-2021-47794 ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account ... | 8.8 | HIGH | β | 0 |
| CVE-2026-0880 Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 8.8 | HIGH | β | 0 |
| CVE-2020-36969 M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /ap... | 8.8 | HIGH | β | 0 |
| CVE-2025-68899 Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection. This issue affects Vivagh: from n/a through <= 2.4. | 8.8 | HIGH | β | 0 |
| CVE-2026-32513 Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection. This issue affects JS Archive List: from n/a through <= 6.1.7. | 8.8 | HIGH | β | 0 |
| CVE-2026-23742 Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua ... | 8.8 | HIGH | β | 0 |
| CVE-2026-0882 Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | 8.8 | HIGH | β | 0 |
| CVE-2026-0899 Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2025-70893 A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied inp... | 8.8 | HIGH | β | 0 |
| CVE-2026-23544 Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection. This issue affects Valenti: from n/a through <= 5.6.3.5. | 8.8 | HIGH | β | 0 |
| CVE-2026-0900 Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High... | 8.8 | HIGH | β | 0 |
| CVE-2026-23950 node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system... | 8.8 | HIGH | β | 0 |
| CVE-2025-66428 An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. | 8.8 | HIGH | β | 0 |
| CVE-2026-24412 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXm... | 8.8 | HIGH | β | 0 |
| CVE-2026-24406 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamed... | 8.8 | HIGH | β | 0 |
| CVE-2026-24405 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalcu... | 8.8 | HIGH | β | 0 |
| CVE-2021-47770 OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers c... | 8.8 | HIGH | β | 0 |
| CVE-2025-50007 Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation. This issue affects xSmart: from n/a through <= 1.2.9.4. | 8.8 | HIGH | β | 0 |
| CVE-2025-13062 The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files... | 8.8 | HIGH | β | 0 |
| CVE-2026-24380 Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: ... | 8.8 | HIGH | β | 0 |
| CVE-2025-14386 The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the ... | 8.8 | HIGH | β | 0 |
| CVE-2021-47852 Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the Rocks... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.