Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2008-0012 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product'... | N/A | NONE | β | 0 |
| CVE-2008-0013 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product'... | N/A | NONE | β | 0 |
| CVE-2008-0014 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product'... | N/A | NONE | β | 0 |
| CVE-2008-4415 Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2008-4832 rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exi... | N/A | NONE | β | 0 |
| CVE-2008-5025 Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash... | N/A | NONE | β | 0 |
| CVE-2008-5111 Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (pa... | N/A | NONE | β | 0 |
| CVE-2008-5112 The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitte... | N/A | NONE | β | 0 |
| CVE-2008-5113 WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) ... | N/A | NONE | β | 0 |
| CVE-2008-5114 Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified ... | N/A | NONE | β | 0 |
| CVE-2008-5115 Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for request... | N/A | NONE | β | 0 |
| CVE-2008-5116 Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem... | N/A | NONE | β | 0 |
| CVE-2008-5117 Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unsp... | N/A | NONE | β | 0 |
| CVE-2008-5118 Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "f... | N/A | NONE | β | 0 |
| CVE-2008-5119 Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | N/A | NONE | β | 0 |
| CVE-2008-5120 Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | N/A | NONE | β | 0 |
| CVE-2025-8166 A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Reque... | 7.3 | HIGH | β | 0 |
| CVE-2008-5121 dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote... | N/A | NONE | β | 0 |
| CVE-2008-5122 SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. | N/A | NONE | β | 0 |
| CVE-2008-5123 SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter. | N/A | NONE | β | 0 |
| CVE-2008-5124 JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks. | N/A | NONE | β | 0 |
| CVE-2008-5125 admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | N/A | NONE | β | 0 |
| CVE-2006-4924 sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not... | N/A | NONE | β | 0 |
| CVE-2006-5004 Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2008-5126 Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | N/A | NONE | β | 0 |
| CVE-2008-5127 Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to... | N/A | NONE | β | 0 |
| CVE-2024-13631 The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against ... | 7.1 | HIGH | β | 0 |
| CVE-2025-8167 A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.p... | 3.5 | LOW | β | 0 |
| CVE-2024-13632 The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used again... | 7.1 | HIGH | β | 0 |
| CVE-2006-2940 OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2)... | N/A | NONE | β | 0 |
| CVE-2025-23554 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/... | 7.1 | HIGH | β | 0 |
| CVE-2022-40912 ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to t... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-68036 Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27. | 7.5 | HIGH | β | 0 |
| CVE-2022-40942 Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40929 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scrip... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3193 An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger o... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-40294 The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. | 8.8 | HIGH | β | 0 |
| CVE-2022-42230 Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | 7.2 | HIGH | β | 0 |
| CVE-2025-23837 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in martinjuhasz One Backend Language one-backend-language allows Reflected XSS.This issue affects One... | 7.1 | HIGH | β | 0 |
| CVE-2022-42235 A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-42236 A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-40868 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ | 9.8 | CRITICAL | β | 0 |
| CVE-2025-23838 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rally Vincent Bauernregeln bauernregeln allows Reflected XSS.This issue affects Bauernregeln: from... | 7.1 | HIGH | β | 0 |
| CVE-2022-42238 A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | 8.8 | HIGH | β | 0 |
| CVE-2024-9770 The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | 4.7 | MEDIUM | β | 0 |
| CVE-2022-41535 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | 7.2 | HIGH | β | 0 |
| CVE-2025-1452 The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even ... | 3.5 | LOW | β | 0 |
| CVE-2022-35094 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | 5.5 | MEDIUM | β | 0 |
| CVE-2024-8854 The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-12683 The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting ... | 3.5 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.