CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-7402 | Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper with the Netskope Client configuration by performing MITM (Man-in-the-Middle) acti... | N/A | NONE | — | 0 |
| CVE-2025-0309 | An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to... | N/A | NONE | — | 0 |
| CVE-2025-5941 | Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may r... | N/A | NONE | — | 0 |
| CVE-2025-5942 | Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys dr... | N/A | NONE | — | 0 |
| CVE-2025-3414 | The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which c... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-6790 | The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a C... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8939 | A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. ... | 8.8 | HIGH | — | 0 |
| CVE-2025-8940 | A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time l... | 8.8 | HIGH | — | 0 |
| CVE-2025-8795 | A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-8949 | A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the ar... | 7.2 | HIGH | — | 0 |
| CVE-2025-27388 | Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | N/A | NONE | — | 0 |
| CVE-2025-48860 | A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated p... | 8.0 | HIGH | — | 0 |
| CVE-2025-48861 | A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-48862 | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if avail... | 7.1 | HIGH | — | 0 |
| CVE-2025-5998 | The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows putting the site content behind a password authorization, however users with subscriber or greater roles can view content... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-55346 | User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simp... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7761 | Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed in the victim's browser wh... | N/A | NONE | — | 0 |
| CVE-2025-8047 | The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-0415 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Sess... | N/A | NONE | — | 0 |
| CVE-2025-28999 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Pag... | 7.1 | HIGH | — | 0 |
| CVE-2006-3917 | PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter. | N/A | NONE | — | 0 |
| CVE-2006-3918 | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect h... | N/A | NONE | — | 0 |
| CVE-2006-3919 | SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters. | N/A | NONE | — | 0 |
| CVE-2023-5342 | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. | 4.1 | MEDIUM | — | 0 |
| CVE-2025-8713 | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intend... | 3.1 | LOW | — | 0 |
| CVE-2025-8714 | Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running p... | 8.8 | HIGH | — | 0 |
| CVE-2025-8715 | Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql ... | 8.8 | HIGH | — | 0 |
| CVE-2024-53945 | The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS comm... | 8.8 | HIGH | — | 0 |
| CVE-2024-53946 | The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into... | 8.8 | HIGH | — | 0 |
| CVE-2025-43984 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7353 | A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow re... | N/A | NONE | — | 0 |
| CVE-2025-7773 | A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in ses... | N/A | NONE | — | 0 |
| CVE-2025-7774 | A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perf... | N/A | NONE | — | 0 |
| CVE-2025-7973 | A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which ru... | N/A | NONE | — | 0 |
| CVE-2025-9036 | A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client l... | N/A | NONE | — | 0 |
| CVE-2025-26484 | Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit thi... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-27845 | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27846 | In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-27847 | In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users' session privileges are not revoked on logout. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-36612 | SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulne... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-36613 | SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker w... | 2.8 | LOW | — | 0 |
| CVE-2025-38738 | SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access coul... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-38745 | Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remot... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-40758 | A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible... | 8.7 | HIGH | — | 0 |
| CVE-2025-43983 | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthe... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-7971 | A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possibl... | N/A | NONE | — | 0 |
| CVE-2025-9041 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing r... | N/A | NONE | — | 0 |
| CVE-2025-9042 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing r... | N/A | NONE | — | 0 |
| CVE-2023-43694 | An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issu... | 5.2 | MEDIUM | — | 0 |
| CVE-2025-33142 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.