Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-50617 Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file i... | 7.5 | HIGH | β | 0 |
| CVE-2026-26158 A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or s... | 7.0 | HIGH | β | 0 |
| CVE-2026-26157 A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wri... | 7.0 | HIGH | β | 0 |
| CVE-2026-26014 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for r... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-26010 OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres... | 7.6 | HIGH | β | 0 |
| CVE-2026-25999 Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or del... | 7.1 | HIGH | β | 0 |
| CVE-2026-25994 PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excess... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25990 Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. | 7.5 | HIGH | β | 0 |
| CVE-2026-25935 Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25924 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote... | 8.4 | HIGH | β | 0 |
| CVE-2026-25759 Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permis... | 8.7 | HIGH | β | 0 |
| CVE-2026-25633 Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25062 Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-68663 Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or e... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-64487 Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorizatio... | 7.6 | HIGH | β | 0 |
| CVE-2024-50620 Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable ... | 8.8 | HIGH | β | 0 |
| CVE-2020-37215 MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers c... | 7.5 | HIGH | β | 0 |
| CVE-2020-37214 Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37213 TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-b... | 7.5 | HIGH | β | 0 |
| CVE-2020-37212 SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37211 SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character... | 7.5 | HIGH | β | 0 |
| CVE-2020-37210 SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste i... | 7.5 | HIGH | β | 0 |
| CVE-2020-37209 SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload a... | 7.5 | HIGH | β | 0 |
| CVE-2020-37208 SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste i... | 7.5 | HIGH | β | 0 |
| CVE-2020-37207 SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload a... | 7.5 | HIGH | β | 0 |
| CVE-2020-37206 ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer paylo... | 7.5 | HIGH | β | 0 |
| CVE-2020-37205 RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buff... | 7.5 | HIGH | β | 0 |
| CVE-2020-37204 RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37203 Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37202 NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buff... | 7.5 | HIGH | β | 0 |
| CVE-2020-37201 NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and past... | 7.5 | HIGH | β | 0 |
| CVE-2020-37200 NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 100... | 7.5 | HIGH | β | 0 |
| CVE-2020-37199 NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and pa... | 7.5 | HIGH | β | 0 |
| CVE-2020-37198 Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generat... | 7.5 | HIGH | β | 0 |
| CVE-2020-37197 Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-characte... | 7.5 | HIGH | β | 0 |
| CVE-2020-37196 Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-cha... | 7.5 | HIGH | β | 0 |
| CVE-2020-37195 BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer paylo... | 7.5 | HIGH | β | 0 |
| CVE-2020-37194 Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-characte... | 7.5 | HIGH | β | 0 |
| CVE-2020-37193 ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared t... | 7.5 | HIGH | β | 0 |
| CVE-2020-37192 MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab... | 6.2 | MEDIUM | β | 0 |
| CVE-2020-37191 Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vul... | 7.5 | HIGH | β | 0 |
| CVE-2020-37190 Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerabilit... | 7.5 | HIGH | β | 0 |
| CVE-2020-37189 TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37188 SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A'... | 7.5 | HIGH | β | 0 |
| CVE-2020-37187 SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload ... | 7.5 | HIGH | β | 0 |
| CVE-2020-37186 Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database ta... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37185 Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character paylo... | 7.5 | HIGH | β | 0 |
| CVE-2020-37184 Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37183 Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. At... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37182 Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.