CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-54661 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-50488 Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack. | 7.1 | HIGH | β | 0 |
| CVE-2025-50489 Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. | 7.5 | HIGH | β | 0 |
| CVE-2025-50491 Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack. | 7.1 | HIGH | β | 0 |
| CVE-2025-50492 Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack. | 7.5 | HIGH | β | 0 |
| CVE-2025-54298 A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. | N/A | NONE | β | 0 |
| CVE-2025-54299 A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. | N/A | NONE | β | 0 |
| CVE-2025-50484 Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. | 7.1 | HIGH | β | 0 |
| CVE-2025-50487 Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack. | 7.1 | HIGH | β | 0 |
| CVE-2025-29534 An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The i... | 8.8 | HIGH | β | 0 |
| CVE-2025-50485 Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack. | 7.1 | HIGH | β | 0 |
| CVE-2025-54662 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-54663 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-54664 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-54665 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2014-125126 An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3... | N/A | NONE | β | 0 |
| CVE-2024-34328 An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL. | 6.3 | MEDIUM | β | 0 |
| CVE-2025-29557 ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP cred... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-34146 A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result... | N/A | NONE | β | 0 |
| CVE-2025-50270 A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, category... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-50475 An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-50849 CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. Howe... | 8.0 | HIGH | β | 0 |
| CVE-2025-51569 A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cm... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52289 A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their ac... | 8.0 | HIGH | β | 0 |
| CVE-2025-8408 A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle... | 7.3 | HIGH | β | 0 |
| CVE-2025-29556 ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the ... | 7.3 | HIGH | β | 0 |
| CVE-2025-50847 Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-50848 A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the br... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-50850 An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematica... | 8.6 | HIGH | β | 0 |
| CVE-2025-50867 A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-52203 A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied in... | 7.6 | HIGH | β | 0 |
| CVE-2025-8409 A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation ... | 7.3 | HIGH | β | 0 |
| CVE-2025-50866 CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-51383 D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. | 3.5 | LOW | β | 0 |
| CVE-2025-51384 D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. | 3.5 | LOW | β | 0 |
| CVE-2025-51385 D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter. | 3.5 | LOW | β | 0 |
| CVE-2025-51503 A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browse... | 7.6 | HIGH | β | 0 |
| CVE-2025-8426 Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive informatio... | N/A | NONE | β | 0 |
| CVE-2025-37108 Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product | 3.5 | LOW | β | 0 |
| CVE-2025-37109 Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product | 3.5 | LOW | β | 0 |
| CVE-2025-37110 A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to ... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-37111 A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized ... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-54840 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-45770 jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is su... | 7.0 | HIGH | β | 0 |
| CVE-2025-8286 The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. | N/A | NONE | β | 0 |
| CVE-2025-23289 NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A su... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-48071 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based ... | 7.8 | HIGH | β | 0 |
| CVE-2025-48072 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer over... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-48073 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image wi... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-8431 A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argume... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.