Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-54201 Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user intera... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-54202 Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user intera... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-54203 Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user intera... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-54204 Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user intera... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-54205 Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interac... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-54206 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2025-54207 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Ex... | 7.8 | HIGH | β | 0 |
| CVE-2025-54222 Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | β | 0 |
| CVE-2025-54208 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2025-54209 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2025-54210 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2025-54211 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2025-54212 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2025-54213 InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2025-9168 A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client... | 3.5 | LOW | β | 0 |
| CVE-2009-0163 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIF... | N/A | NONE | β | 0 |
| CVE-2009-0166 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of un... | N/A | NONE | β | 0 |
| CVE-2009-0195 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary s... | N/A | NONE | β | 0 |
| CVE-2009-0662 The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrar... | N/A | NONE | β | 0 |
| CVE-2025-9132 Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2025-9169 A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site ... | 3.5 | LOW | β | 0 |
| CVE-2025-9170 A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name... | 3.5 | LOW | β | 0 |
| CVE-2025-9171 A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argume... | 3.5 | LOW | β | 0 |
| CVE-2025-9193 A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open... | 3.5 | LOW | β | 0 |
| CVE-2024-12223 Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim userβs session and perform actions in ... | N/A | NONE | β | 0 |
| CVE-2025-54364 Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)... | N/A | NONE | β | 0 |
| CVE-2025-8141 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to,... | 8.8 | HIGH | β | 0 |
| CVE-2025-8145 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields ... | 8.8 | HIGH | β | 0 |
| CVE-2025-8289 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associate... | 7.5 | HIGH | β | 0 |
| CVE-2025-57742 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-57743 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-57744 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-57745 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-57746 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-57747 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-57748 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-53522 Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker. | N/A | NONE | β | 0 |
| CVE-2025-54551 Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privileg... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-55706 URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead... | N/A | NONE | β | 0 |
| CVE-2025-8618 The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to insuf... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-9202 The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and includi... | 4.3 | MEDIUM | β | 0 |
| CVE-2009-0664 Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in... | N/A | NONE | β | 0 |
| CVE-2009-0799 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file tha... | N/A | NONE | β | 0 |
| CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code v... | N/A | NONE | β | 0 |
| CVE-2009-1179 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF... | N/A | NONE | β | 0 |
| CVE-2009-1180 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers ... | N/A | NONE | β | 0 |
| CVE-2009-1181 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file tha... | N/A | NONE | β | 0 |
| CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a... | N/A | NONE | β | 0 |
| CVE-2009-1183 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a... | N/A | NONE | β | 0 |
| CVE-2023-21476 Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | 8.0 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.