CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-48417 Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilte... | 5.2 | MEDIUM | - | 0 |
| CVE-2024-48418 In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with acce... | 8.8 | HIGH | - | 0 |
| CVE-2024-48419 Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pi... | 8.8 | HIGH | - | 0 |
| CVE-2024-48420 Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic. | 8.8 | HIGH | - | 0 |
| CVE-2024-12163 The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads. | 6.5 | MEDIUM | - | 0 |
| CVE-2024-12400 The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | 7.1 | HIGH | - | 0 |
| CVE-2025-23216 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kuber... | 6.8 | MEDIUM | - | 0 |
| CVE-2025-0961 A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php... | 3.5 | LOW | - | 0 |
| CVE-2025-23428 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Safari QMean – WordPress Did You Mean qmean allows Reflected XSS. This issue affects QMean – ... | 7.1 | HIGH | - | 0 |
| CVE-2024-57498 Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function. | 4.8 | MEDIUM | - | 0 |
| CVE-2025-25064 SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter... | 8.8 | HIGH | - | 0 |
| CVE-2025-25065 SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-13332 The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-22204 Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-22205 Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | 7.5 | HIGH | - | 0 |
| CVE-2025-22208 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in... | 4.7 | MEDIUM | - | 0 |
| CVE-2025-24860 Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAutho... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-22206 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the... | 4.7 | MEDIUM | - | 0 |
| CVE-2024-48019 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-35138 IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmi... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-1114 A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of th... | 3.5 | LOW | - | 0 |
| CVE-2025-1155 A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads ... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-25193 Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a d... | 5.5 | MEDIUM | - | 0 |
| CVE-2025-1162 A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/load_user-profile.php. The manipulation of the argument u... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-1167 A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Affected by this issue is some unknown functionality of the file /hr_soft/admin/Update_U... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-25522 Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target... | 7.3 | HIGH | - | 0 |
| CVE-2022-3180 The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accoun... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-26369 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to use... | 8.8 | HIGH | - | 0 |
| CVE-2024-46922 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver. | 7.5 | HIGH | - | 0 |
| CVE-2024-46923 An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver. | 7.5 | HIGH | - | 0 |
| CVE-2024-57603 An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. | 6.3 | MEDIUM | - | 0 |
| CVE-2024-57604 An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-0692 The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site S... | 3.5 | LOW | - | 0 |
| CVE-2025-25899 A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (... | 3.5 | LOW | - | 0 |
| CVE-2025-25900 A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial o... | 4.9 | MEDIUM | - | 0 |
| CVE-2025-26157 A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST r... | 5.9 | MEDIUM | - | 0 |
| CVE-2025-26158 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to ex... | 5.6 | MEDIUM | - | 0 |
| CVE-2025-22209 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' param... | 4.7 | MEDIUM | - | 0 |
| CVE-2025-1373 A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The man... | 3.3 | LOW | - | 0 |
| CVE-2025-1378 A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads... | 3.3 | LOW | - | 0 |
| CVE-2024-57050 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11714. Reason: This candidate is a reservation duplicate of CVE-2018-11714. Notes: All CVE users should reference CVE-2018-11714... | N/A | NONE | - | 0 |
| CVE-2022-41545 The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 ... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-25946 An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process... | 5.5 | MEDIUM | - | 0 |
| CVE-2025-1557 A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the atta... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-1594 A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The ... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-25460 A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript pay... | 4.8 | MEDIUM | - | 0 |
| CVE-2025-22210 A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area... | 7.2 | HIGH | - | 0 |
| CVE-2025-1067 There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executab... | 7.3 | HIGH | - | 0 |
| CVE-2025-1068 There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious ex... | 7.3 | HIGH | - | 0 |
| CVE-2022-49152 In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_SH... | 4.7 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.