Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-6711 An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 ve... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-6712 MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal op... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-6713 An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may l... | 7.7 | HIGH | β | 0 |
| CVE-2025-6714 MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue a... | 7.5 | HIGH | β | 0 |
| CVE-2025-45479 Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-53374 Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profi... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-53375 Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik proces... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-53376 Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands... | 8.8 | HIGH | β | 0 |
| CVE-2025-7259 An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-6044 An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and acce... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-40711 SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion para... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40712 SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion para... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40713 SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter i... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-48799 Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-27203 Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does re... | 9.6 | CRITICAL | β | 0 |
| CVE-2025-7200 A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quant... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7207 A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Ha... | 3.3 | LOW | β | 0 |
| CVE-2025-49604 For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 20... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-53959 In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible | 7.6 | HIGH | β | 0 |
| CVE-2025-52837 Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic... | 7.8 | HIGH | β | 0 |
| CVE-2025-53378 A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affect... | 7.6 | HIGH | β | 0 |
| CVE-2025-53503 Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | 7.8 | HIGH | β | 0 |
| CVE-2025-45662 A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a cra... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-53864 Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of... | 5.8 | MEDIUM | β | 0 |
| CVE-2025-7491 A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-o... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-50928 Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. | 4.8 | MEDIUM | β | 0 |
| CVE-2025-7492 A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-incomingve... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7520 A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Parking Management System 1.13. This issue affects some unknown processing of the file /admin/manage-category.ph... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7521 A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/index.php. The manipulation of the... | 7.3 | HIGH | β | 0 |
| CVE-2025-7522 A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bwdates-re... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7559 A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulatio... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7561 A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. This issue affects some unknown processing of the file /admin/team-ontheway-requests.php. The m... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7593 A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID... | 7.3 | HIGH | β | 0 |
| CVE-2025-7594 A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to sql i... | 7.3 | HIGH | β | 0 |
| CVE-2025-7610 A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/change_password.php. The ma... | 7.3 | HIGH | β | 0 |
| CVE-2025-50756 Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-53015 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion com... | 7.5 | HIGH | β | 0 |
| CVE-2025-34111 An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows r... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-23904 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Reb... | N/A | NONE | β | 0 |
| CVE-2025-52046 Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated att... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-51497 An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-53644 OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG imag... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-46102 Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive inf... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-7759 A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the compo... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-6226 Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated use... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-6233 Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin ... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-6227 Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization pay... | 2.2 | LOW | β | 0 |
| CVE-2025-46001 An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-46002 An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-46000 An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.