Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2009-1308 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript... | N/A | NONE | — | 0 |
| CVE-2009-1309 Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrap... | N/A | NONE | — | 0 |
| CVE-2009-1310 Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javas... | N/A | NONE | — | 0 |
| CVE-2009-1311 Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an oute... | N/A | NONE | — | 0 |
| CVE-2009-1312 Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via ve... | N/A | NONE | — | 0 |
| CVE-2009-1361 dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details... | N/A | NONE | — | 0 |
| CVE-2009-1362 SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this informa... | N/A | NONE | — | 0 |
| CVE-2008-6743 RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.ph... | N/A | NONE | — | 0 |
| CVE-2025-50861 The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-50862 The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a r... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-51965 OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering thro... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-8979 A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulatio... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-8451 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all ver... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-8980 A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient ve... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-55718 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-55719 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-55720 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-55721 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-6025 The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation... | 7.5 | HIGH | — | 0 |
| CVE-2025-8342 The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in ... | 8.1 | HIGH | — | 0 |
| CVE-2025-8676 The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This mak... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8680 The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it po... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8867 The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9340 Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/p... | N/A | NONE | — | 0 |
| CVE-2025-6679 The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthent... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-8013 The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possi... | 3.8 | LOW | — | 0 |
| CVE-2025-8604 The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insu... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9020 A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the ... | 4.5 | MEDIUM | — | 0 |
| CVE-2025-5844 The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-7507 The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied thro... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-7641 The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpo... | 7.5 | HIGH | — | 0 |
| CVE-2025-9027 A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to sql inj... | 7.3 | HIGH | — | 0 |
| CVE-2025-7662 The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user s... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-7688 The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-me... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-7778 The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to,... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-8080 The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and ou... | 4.4 | MEDIUM | — | 0 |
| CVE-2009-1367 Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than ... | N/A | NONE | — | 0 |
| CVE-2025-8720 The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-8905 The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin no... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-26709 There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interfac... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-9046 A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-bas... | 8.8 | HIGH | — | 0 |
| CVE-2025-1929 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injec... | 7.2 | HIGH | — | 0 |
| CVE-2025-54473 An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature. | N/A | NONE | — | 0 |
| CVE-2025-54474 A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. | N/A | NONE | — | 0 |
| CVE-2025-54475 A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | N/A | NONE | — | 0 |
| CVE-2024-12573 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24752 Reason: This candidate is a reservation duplicate of CVE-2025-24752. Notes: All CVE users should reference CV... | N/A | NONE | — | 0 |
| CVE-2025-55203 Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-5046 A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read s... | 7.8 | HIGH | — | 0 |
| CVE-2025-5047 A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensit... | 7.8 | HIGH | — | 0 |
| CVE-2025-8675 Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.