Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-36537 Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigge... | 7.0 | HIGH | β | 0 |
| CVE-2025-6568 A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request H... | 8.8 | HIGH | β | 0 |
| CVE-2021-41691 A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-44531 An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection a... | 7.5 | HIGH | β | 0 |
| CVE-2024-56918 In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-4378 Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This is... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-56916 In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated a... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-53073 In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's tea... | 4.2 | MEDIUM | β | 0 |
| CVE-2025-2566 Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server... | N/A | NONE | β | 0 |
| CVE-2025-5087 Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can ... | N/A | NONE | β | 0 |
| CVE-2024-37743 An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-56917 Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. | 7.1 | HIGH | β | 0 |
| CVE-2025-52880 Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, eith... | 4.2 | MEDIUM | β | 0 |
| CVE-2025-52882 Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable... | N/A | NONE | β | 0 |
| CVE-2025-52888 Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to v... | 7.5 | HIGH | β | 0 |
| CVE-2025-53021 A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication an... | 4.2 | MEDIUM | β | 0 |
| CVE-2025-6555 Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 5.4 | MEDIUM | β | 0 |
| CVE-2025-6556 Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 5.4 | MEDIUM | β | 0 |
| CVE-2025-6557 Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code v... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-52572 Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own T... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-52883 Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any ot... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-0966 IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete inform... | 7.6 | HIGH | β | 0 |
| CVE-2025-52884 RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and sup... | N/A | NONE | β | 0 |
| CVE-2025-36004 IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run... | 8.8 | HIGH | β | 0 |
| CVE-2025-5585 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficien... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-43880 Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition. | N/A | NONE | β | 0 |
| CVE-2024-51979 An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TC... | 7.2 | HIGH | β | 0 |
| CVE-2024-51980 An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SS... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-51981 An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Ad... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-44915 A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_err... | 7.1 | HIGH | β | 0 |
| CVE-2024-51982 An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reis... | 7.5 | HIGH | β | 0 |
| CVE-2024-51983 An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. ... | 7.5 | HIGH | β | 0 |
| CVE-2024-51984 An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-41255 Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user w... | 8.0 | HIGH | β | 0 |
| CVE-2025-41256 Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered w... | 7.4 | HIGH | β | 0 |
| CVE-2025-41647 A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text und... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-5927 The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including... | 7.5 | HIGH | β | 0 |
| CVE-2025-6603 A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCU... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-4457 The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server. | 9.1 | CRITICAL | β | 0 |
| CVE-2024-27685 SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdat... | 7.1 | HIGH | β | 0 |
| CVE-2025-20264 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-50178 GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function f... | N/A | NONE | β | 0 |
| CVE-2025-52479 HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10... | N/A | NONE | β | 0 |
| CVE-2025-6614 A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. ... | 8.8 | HIGH | β | 0 |
| CVE-2025-6615 A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulati... | 8.8 | HIGH | β | 0 |
| CVE-2025-20282 A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the un... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-49151 The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. | N/A | NONE | β | 0 |
| CVE-2025-49152 The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system. | N/A | NONE | β | 0 |
| CVE-2025-49153 The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2025-52569 GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.re... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.