Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-50194 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.3... | 7.2 | HIGH | β | 0 |
| CVE-2025-50195 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versio... | 7.2 | HIGH | β | 0 |
| CVE-2025-50196 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This ... | 7.2 | HIGH | β | 0 |
| CVE-2025-50197 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This iss... | 7.2 | HIGH | β | 0 |
| CVE-2025-50198 Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST cou... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-50199 Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30. | 9.1 | CRITICAL | β | 0 |
| CVE-2025-52468 Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization o... | 8.8 | HIGH | β | 0 |
| CVE-2025-52469 Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamiloβs social network module allows an authenticated user to forcibly add ... | 7.1 | HIGH | β | 0 |
| CVE-2025-52470 Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by impro... | 4.8 | MEDIUM | β | 0 |
| CVE-2025-52475 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52476 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/u... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52563 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/a... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52564 Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as under... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52998 Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classe... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66880 Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mod... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0689 In ExtremeCloud IQ β Site Engine (XIQβSE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTT... | N/A | NONE | β | 0 |
| CVE-2026-24101 An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24110 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule,... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24112 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28403 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP... | 7.6 | HIGH | β | 0 |
| CVE-2026-28412 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-47371 Transient DOS when an LTE RLC packet with invalid TB is received by UE. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-47373 Memory Corruption when accessing buffers with invalid length during TA invocation. | 7.8 | HIGH | β | 0 |
| CVE-2025-47375 Memory corruption while handling different IOCTL calls from the user-space simultaneously. | 7.8 | HIGH | β | 0 |
| CVE-2025-47376 Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. | 7.8 | HIGH | β | 0 |
| CVE-2025-47377 Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. | 7.8 | HIGH | β | 0 |
| CVE-2025-47378 Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | 7.1 | HIGH | β | 0 |
| CVE-2025-47381 Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. | 7.8 | HIGH | β | 0 |
| CVE-2025-47383 Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. | 7.2 | HIGH | β | 0 |
| CVE-2025-47384 Transient DOS when MAC configures config id greater than supported maximum value. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-47385 Memory Corruption when accessing trusted execution environment without proper privilege check. | 7.8 | HIGH | β | 0 |
| CVE-2025-47386 Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. | 7.8 | HIGH | β | 0 |
| CVE-2025-59600 Memory Corruption when adding user-supplied data without checking available buffer space. | 7.8 | HIGH | β | 0 |
| CVE-2025-59603 Memory Corruption when processing invalid user address with nonstandard buffer address. | 7.8 | HIGH | β | 0 |
| CVE-2025-64427 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticate... | 7.1 | HIGH | β | 0 |
| CVE-2025-70252 An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is wor... | 7.5 | HIGH | β | 0 |
| CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tab... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24105 An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into do... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26700 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26708 sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28286 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from cr... | 8.5 | HIGH | β | 0 |
| CVE-2026-28357 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI::() patterns are rend... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28358 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enu... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28359 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap edito... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28360 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issu... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28361 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-28396 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refre... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28397 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28398 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stor... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28399 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This iss... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.