Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-40932 Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 retu... | 8.2 | HIGH | β | 0 |
| CVE-2025-67977 Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a ... | 8.2 | HIGH | β | 0 |
| CVE-2026-27179 MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] paramet... | 8.2 | HIGH | β | 0 |
| CVE-2025-70298 GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function. | 8.2 | HIGH | β | 0 |
| CVE-2025-71057 Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. | 8.2 | HIGH | β | 0 |
| CVE-2026-24790 The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication. | 8.2 | HIGH | β | 0 |
| CVE-2020-36999 Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by ... | 8.2 | HIGH | β | 0 |
| CVE-2026-2007 Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25497 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25496 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can mo... | 8.2 | HIGH | β | 0 |
| CVE-2019-25495 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can sen... | 8.2 | HIGH | β | 0 |
| CVE-2019-25494 Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password... | 8.2 | HIGH | β | 0 |
| CVE-2026-21955 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high ... | 8.2 | HIGH | β | 0 |
| CVE-2026-21956 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high ... | 8.2 | HIGH | β | 0 |
| CVE-2026-21990 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high ... | 8.2 | HIGH | β | 0 |
| CVE-2026-23857 Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local acc... | 8.2 | HIGH | β | 0 |
| CVE-2025-9986 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through ... | 8.2 | HIGH | β | 0 |
| CVE-2024-44250 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated priv... | 8.2 | HIGH | β | 0 |
| CVE-2026-34042 act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can conne... | 8.2 | HIGH | β | 0 |
| CVE-2018-25183 Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submi... | 8.2 | HIGH | β | 0 |
| CVE-2026-33941 Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates us... | 8.2 | HIGH | β | 0 |
| CVE-2026-32877 Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value... | 8.2 | HIGH | β | 0 |
| CVE-2026-34725 DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML... | 8.2 | HIGH | β | 0 |
| CVE-2026-34375 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` parameter into a JavaScript... | 8.2 | HIGH | β | 0 |
| CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User ... | 8.2 | HIGH | β | 0 |
| CVE-2026-31788 In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space proce... | 8.2 | HIGH | β | 0 |
| CVE-2018-25185 Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers ... | 8.2 | HIGH | β | 0 |
| CVE-2026-4984 The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' paramete... | 8.2 | HIGH | β | 0 |
| CVE-2018-25202 SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit ... | 8.2 | HIGH | β | 0 |
| CVE-2019-25575 SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Att... | 8.2 | HIGH | β | 0 |
| CVE-2019-25576 Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Atta... | 8.2 | HIGH | β | 0 |
| CVE-2026-34982 Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `gu... | 8.2 | HIGH | β | 0 |
| CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attac... | 8.2 | HIGH | β | 0 |
| CVE-2026-31824 Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2026-31839 Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted man... | 8.2 | HIGH | β | 0 |
| CVE-2018-25199 OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inj... | 8.2 | HIGH | β | 0 |
| CVE-2018-25176 Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search en... | 8.2 | HIGH | β | 0 |
| CVE-2018-25175 Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Atta... | 8.2 | HIGH | β | 0 |
| CVE-2019-25528 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter... | 8.2 | HIGH | β | 0 |
| CVE-2026-4740 A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cl... | 8.2 | HIGH | β | 0 |
| CVE-2018-25173 Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET req... | 8.2 | HIGH | β | 0 |
| CVE-2018-25172 Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET... | 8.2 | HIGH | β | 0 |
| CVE-2026-27826 MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint ... | 8.2 | HIGH | β | 0 |
| CVE-2018-25171 EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET req... | 8.2 | HIGH | β | 0 |
| CVE-2015-10148 Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remot... | 8.2 | HIGH | β | 0 |
| CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. A... | 8.2 | HIGH | β | 0 |
| CVE-2018-25170 DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can ... | 8.2 | HIGH | β | 0 |
| CVE-2026-32278 Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issu... | 8.2 | HIGH | β | 0 |
| CVE-2026-22171 OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensio... | 8.2 | HIGH | β | 0 |
| CVE-2019-25536 Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[]... | 8.2 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.