CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-36384 IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. | 8.4 | HIGH | โ | 0 |
| CVE-2025-36387 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36407 IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-1703 When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation dire... | N/A | NONE | โ | 0 |
| CVE-2020-37023 Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with sy... | 8.8 | HIGH | โ | 0 |
| CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious pa... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37025 Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malici... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37026 Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submi... | 5.3 | MEDIUM | โ | 0 |
| CVE-2020-37027 Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicio... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37028 Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can cra... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37029 FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with caref... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37031 Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37041 OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with p... | 7.5 | HIGH | โ | 0 |
| CVE-2020-37042 Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37043 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the v... | 9.8 | CRITICAL | โ | 0 |
| CVE-2020-37044 OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicio... | 5.4 | MEDIUM | โ | 0 |
| CVE-2020-37046 Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attacker... | 5.3 | MEDIUM | โ | 0 |
| CVE-2020-37049 Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the... | 8.4 | HIGH | โ | 0 |
| CVE-2020-37050 Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger th... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-0683 The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. Th... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-1251 The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' func... | 5.4 | MEDIUM | โ | 0 |
| CVE-2025-71181 In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb... | 5.5 | MEDIUM | โ | 0 |
| CVE-2026-23027 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_de... | N/A | NONE | โ | 0 |
| CVE-2026-23028 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device... | N/A | NONE | โ | 0 |
| CVE-2026-23029 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_de... | N/A | NONE | โ | 0 |
| CVE-2026-23030 In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_p... | N/A | NONE | โ | 0 |
| CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploi... | 6.4 | MEDIUM | โ | 0 |
| CVE-2026-23038 In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versio... | N/A | NONE | โ | 0 |
| CVE-2026-23039 In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets bo... | N/A | NONE | โ | 0 |
| CVE-2025-14554 The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to... | 7.2 | HIGH | โ | 0 |
| CVE-2026-1165 The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popup... | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-25069 SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequ... | N/A | NONE | โ | 0 |
| CVE-2021-47856 Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search... | 6.4 | MEDIUM | โ | 0 |
| CVE-2021-47914 PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can ex... | 6.4 | MEDIUM | โ | 0 |
| CVE-2021-47915 PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidate... | 8.1 | HIGH | โ | 0 |
| CVE-2021-47916 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | โ | 0 |
| CVE-2021-47917 Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and edi... | 6.4 | MEDIUM | โ | 0 |
| CVE-2021-47918 Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters ... | 8.1 | HIGH | โ | 0 |
| CVE-2021-47919 Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrar... | 6.4 | MEDIUM | โ | 0 |
| CVE-2021-47920 WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filte... | 5.4 | MEDIUM | โ | 0 |
| CVE-2021-47921 Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can ex... | 6.5 | MEDIUM | โ | 0 |
| CVE-2020-37048 Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can e... | 7.8 | HIGH | โ | 0 |
| CVE-2020-37055 SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service pa... | 7.8 | HIGH | โ | 0 |
| CVE-2020-37061 BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot... | 7.8 | HIGH | โ | 0 |
| CVE-2020-37062 DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place maliciou... | 7.8 | HIGH | โ | 0 |
| CVE-2020-37063 TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path ... | 7.8 | HIGH | โ | 0 |
| CVE-2020-37064 EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the ... | 7.8 | HIGH | โ | 0 |
| CVE-2026-1733 A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id ... | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-1738 A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr c... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-1739 A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer ... | 5.3 | MEDIUM | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.