CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-48509 Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory ... | N/A | NONE | β | 0 |
| CVE-2025-36552 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | β | 0 |
| CVE-2025-48517 Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potenti... | N/A | NONE | β | 0 |
| CVE-2025-54514 Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. | N/A | NONE | β | 0 |
| CVE-2026-26044 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25015 Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.53. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25343 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS. This issue affects WP SMS: from n/a through <= 7.1. | 5.9 | MEDIUM | β | 0 |
| CVE-2025-63652 A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server... | 7.5 | HIGH | β | 0 |
| CVE-2026-25068 alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function rea... | N/A | NONE | β | 0 |
| CVE-2026-25046 Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command s... | 2.9 | LOW | β | 0 |
| CVE-2026-25117 pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to ... | N/A | NONE | β | 0 |
| CVE-2026-1637 A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer ove... | 8.8 | HIGH | β | 0 |
| CVE-2026-1498 An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed a... | N/A | NONE | β | 0 |
| CVE-2025-9226 Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. | 4.6 | MEDIUM | β | 0 |
| CVE-2024-4027 A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. Th... | 7.5 | HIGH | β | 0 |
| CVE-2025-4686 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assess... | 8.6 | HIGH | β | 0 |
| CVE-2025-7964 After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a “network leave” request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state... | N/A | NONE | β | 0 |
| CVE-2026-1686 A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argum... | 8.8 | HIGH | β | 0 |
| CVE-2020-37019 Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embe... | 6.4 | MEDIUM | β | 0 |
| CVE-2020-37022 OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , en... | 6.4 | MEDIUM | β | 0 |
| CVE-2020-37030 Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | β | 0 |
| CVE-2020-37058 Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that wil... | 7.8 | HIGH | β | 0 |
| CVE-2020-37059 Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious... | 7.8 | HIGH | β | 0 |
| CVE-2020-37060 Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit th... | 7.8 | HIGH | β | 0 |
| CVE-2025-62349 Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enablin... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-36098 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resou... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36123 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-36184 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unn... | 7.2 | HIGH | β | 0 |
| CVE-2025-36353 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special el... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-36424 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36427 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36428 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of s... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-36442 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a speci... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-25232 NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37052 AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injectio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37053 Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the ... | 7.1 | HIGH | β | 0 |
| CVE-2020-37054 Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrator... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-37056 Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP va... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15510 The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-15525 The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1431 The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and in... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can ... | 7.8 | HIGH | β | 0 |
| CVE-2025-71186 In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux pl... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71182 In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23032 In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, th... | N/A | NONE | β | 0 |
| CVE-2026-23033 In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma... | N/A | NONE | β | 0 |
| CVE-2026-23034 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in us... | N/A | NONE | β | 0 |
| CVE-2026-23035 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profil... | N/A | NONE | β | 0 |
| CVE-2026-23036 In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before iget_failed() in btrfs_read_locked_inode() In btrfs_read_locked_inode() if we fail to lookup the inode,... | N/A | NONE | β | 0 |
| CVE-2026-23037 In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of U... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.