CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-24375 Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users cred... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-2845 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-3023 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-3102 The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'se... | 8.1 | HIGH | — | 0 |
| CVE-2006-0263 Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln#... | N/A | NONE | — | 0 |
| CVE-2025-2719 The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data du... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-2805 The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that doe... | 7.3 | HIGH | — | 0 |
| CVE-2025-2809 The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to exe... | 7.3 | HIGH | — | 0 |
| CVE-2025-3417 The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in... | 8.8 | HIGH | — | 0 |
| CVE-2025-2873 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Further investigation showed that it was not a security issue. The issue relates to a session attribute used... | N/A | NONE | — | 0 |
| CVE-2009-0863 SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2024-13909 The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient esc... | 4.9 | MEDIUM | — | 0 |
| CVE-2009-0864 S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | N/A | NONE | — | 0 |
| CVE-2009-0865 Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite a... | N/A | NONE | — | 0 |
| CVE-2009-0866 pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. | N/A | NONE | — | 0 |
| CVE-2009-0867 The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection. | N/A | NONE | — | 0 |
| CVE-2009-0868 CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via ... | N/A | NONE | — | 0 |
| CVE-2009-0081 The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate ... | N/A | NONE | — | 0 |
| CVE-2009-0082 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges v... | 7.8 | HIGH | — | 0 |
| CVE-2009-0083 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers us... | N/A | NONE | — | 0 |
| CVE-2009-0085 The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication ... | N/A | NONE | — | 0 |
| CVE-2009-0191 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers t... | N/A | NONE | — | 0 |
| CVE-2009-0836 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote... | N/A | NONE | — | 0 |
| CVE-2009-0837 Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the f... | N/A | NONE | — | 0 |
| CVE-2009-0869 Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial... | N/A | NONE | — | 0 |
| CVE-2025-27081 A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-23386 An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2... | 7.8 | HIGH | — | 0 |
| CVE-2025-22374 A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched ... | N/A | NONE | — | 0 |
| CVE-2025-22375 An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerabili... | N/A | NONE | — | 0 |
| CVE-2025-1073 Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device. | 7.5 | HIGH | — | 0 |
| CVE-2025-25197 Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS pa... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27812 MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | 8.1 | HIGH | — | 0 |
| CVE-2025-27813 MSI Center before 2.0.52.0 has Missing PE Signature Validation. | 8.1 | HIGH | — | 0 |
| CVE-2025-32395 Vite is a frontend tooling framework for JavaScript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on N... | N/A | NONE | — | 0 |
| CVE-2025-32743 In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of se... | 9.0 | CRITICAL | — | 0 |
| CVE-2025-29150 BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-32382 Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase (either updating a password or changing password to private ke... | N/A | NONE | — | 0 |
| CVE-2025-22232 Spring Cloud Config Server may not use the Vault token sent by clients using an X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: * ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-32697 Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permission... | N/A | NONE | — | 0 |
| CVE-2025-32700 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includ... | N/A | NONE | — | 0 |
| CVE-2025-32807 A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon para... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-0121 A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use thi... | N/A | NONE | — | 0 |
| CVE-2025-0122 A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet p... | N/A | NONE | — | 0 |
| CVE-2025-0125 An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate anot... | N/A | NONE | — | 0 |
| CVE-2025-0126 When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user.... | N/A | NONE | — | 0 |
| CVE-2025-0127 A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is o... | N/A | NONE | — | 0 |
| CVE-2025-0128 A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initia... | N/A | NONE | — | 0 |
| CVE-2025-32757 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-32758 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-32759 Rejected reason: Not used | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.