CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-37009 MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpo... | 8.8 | HIGH | — | 0 |
| CVE-2020-37010 BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37011 Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cra... | 7.5 | HIGH | — | 0 |
| CVE-2020-37012 Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious La... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1589 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch cause... | 7.3 | HIGH | — | 0 |
| CVE-2026-1590 A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql... | 7.3 | HIGH | — | 0 |
| CVE-2026-1593 A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipul... | 7.3 | HIGH | — | 0 |
| CVE-2026-1594 A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2025-13905 CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installat... | N/A | NONE | — | 0 |
| CVE-2025-71011 An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0936 An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is pro... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-63652 A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server... | 7.5 | HIGH | — | 0 |
| CVE-2025-63653 An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the s... | 7.5 | HIGH | — | 0 |
| CVE-2025-63655 A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63656 An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the ser... | 7.5 | HIGH | — | 0 |
| CVE-2025-63657 An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63658 A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the serve... | 7.5 | HIGH | — | 0 |
| CVE-2025-69516 A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged... | 8.8 | HIGH | — | 0 |
| CVE-2025-69604 An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allows a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and F... | 7.8 | HIGH | — | 0 |
| CVE-2026-22806 vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created wit... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-1665 A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment va... | N/A | NONE | — | 0 |
| CVE-2026-24714 Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. | N/A | NONE | — | 0 |
| CVE-2026-24728 A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrat... | N/A | NONE | — | 0 |
| CVE-2026-24729 An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system comm... | N/A | NONE | — | 0 |
| CVE-2026-25090 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25091 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25092 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25093 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25094 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25095 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25096 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25097 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12899 A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential info... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25211 Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. | 3.2 | LOW | — | 0 |
| CVE-2025-1395 Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects Hey... | 8.2 | HIGH | — | 0 |
| CVE-2025-26385 Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability. Successful exploitation of this vulnerability co... | N/A | NONE | — | 0 |
| CVE-2025-13176 Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL. | N/A | NONE | — | 0 |
| CVE-2020-37019 Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embe... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37022 OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , en... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37030 Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | — | 0 |
| CVE-2020-37058 Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that wil... | 7.8 | HIGH | — | 0 |
| CVE-2020-37059 Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious... | 7.8 | HIGH | — | 0 |
| CVE-2020-37060 Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
| CVE-2026-1689 A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login I... | 7.3 | HIGH | — | 0 |
| CVE-2025-62349 Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enablin... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-11175 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension a... | N/A | NONE | — | 0 |
| CVE-2026-23835 LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowin... | N/A | NONE | — | 0 |
| CVE-2025-24293 Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The d... | N/A | NONE | — | 0 |
| CVE-2026-1723 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498... | N/A | NONE | — | 0 |
| CVE-2026-25130 Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function... | 9.6 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.