Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-37185 Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character paylo... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37184 Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37183 Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. At... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37182 Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37181 Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attacker... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37180 GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-characte... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37179 APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37178 KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37177 BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payl... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37176 Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a ma... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37175 P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buff... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37173 AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive u... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37172 AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious reque... | 5.3 | MEDIUM | โ | 0 |
| CVE-2020-37158 AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious reque... | 5.3 | MEDIUM | โ | 0 |
| CVE-2020-37156 BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a cr... | 6.5 | MEDIUM | โ | 0 |
| CVE-2020-37153 ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to in... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37104 ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a li... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25313 FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML ... | 4.0 | MEDIUM | โ | 0 |
| CVE-2024-50618 A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to... | 4.3 | MEDIUM | โ | 0 |
| CVE-2024-26480 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. | 7.5 | HIGH | โ | 0 |
| CVE-2024-26479 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. | 5.3 | MEDIUM | โ | 0 |
| CVE-2024-26478 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. | 5.3 | MEDIUM | โ | 0 |
| CVE-2024-26477 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. | 7.5 | HIGH | โ | 0 |
| CVE-2026-2323 Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-2322 Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... | 5.4 | MEDIUM | โ | 0 |
| CVE-2026-2321 Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HT... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2320 Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-2319 Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit objec... | 7.5 | HIGH | โ | 0 |
| CVE-2026-2318 Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a c... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-2317 Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-2316 Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-2315 Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security ... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2314 Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | โ | 0 |
| CVE-2026-2313 Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | โ | 0 |
| CVE-2025-70297 A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an... | 6.1 | MEDIUM | โ | 0 |
| CVE-2025-70296 A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within ... | 5.4 | MEDIUM | โ | 0 |
| CVE-2025-69873 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Poin... | 2.9 | LOW | โ | 0 |
| CVE-2025-69872 DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim appl... | 9.8 | CRITICAL | โ | 0 |
| CVE-2025-69871 A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation whe... | 8.1 | HIGH | โ | 0 |
| CVE-2026-2361 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample... | 8.0 | HIGH | โ | 0 |
| CVE-2026-2360 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operat... | 8.0 | HIGH | โ | 0 |
| CVE-2026-0229 A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OSยฎ software enables an unauthenticated attacker to initiate system reboots using a malici... | N/A | NONE | โ | 0 |
| CVE-2026-0228 An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not nor... | N/A | NONE | โ | 0 |
| CVE-2025-70085 An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_Fi... | 9.8 | CRITICAL | โ | 0 |
| CVE-2025-70084 Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. | 7.5 | HIGH | โ | 0 |
| CVE-2025-70083 An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local bu... | 7.8 | HIGH | โ | 0 |
| CVE-2025-70029 An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP... | 7.5 | HIGH | โ | 0 |
| CVE-2025-69874 nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted ... | 9.8 | CRITICAL | โ | 0 |
| CVE-2025-65480 An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading... | 8.8 | HIGH | โ | 0 |
| CVE-2025-65128 A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and... | 8.1 | HIGH | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.