CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-31895 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation abc-notation allows Stored XSS. This issue affects ABC Notation: from n/a th... | N/A | NONE | - | 0 |
| CVE-2025-21923 In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the client_hdev used ... | 7.8 | HIGH | - | 0 |
| CVE-2025-21929 In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` drive... | 7.8 | HIGH | - | 0 |
| CVE-2025-21967 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. We don't... | 7.8 | HIGH | - | 0 |
| CVE-2025-25041 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allo... | 5.5 | MEDIUM | - | 0 |
| CVE-2025-27829 An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some o... | 7.3 | HIGH | - | 0 |
| CVE-2018-1472 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was erroneously associated with an open source vulnerability by another vendor. | N/A | NONE | - | 0 |
| CVE-2025-26054 Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration. | 5.4 | MEDIUM | - | 0 |
| CVE-2025-26056 A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the m... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-31137 React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using... | N/A | NONE | - | 0 |
| CVE-2025-3096 Clinic's Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page. | N/A | NONE | - | 0 |
| CVE-2025-29069 A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space trans... | 7.3 | HIGH | - | 0 |
| CVE-2003-20001 An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges infor... | 5.6 | MEDIUM | - | 0 |
| CVE-2024-13941 A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of ... | 5.3 | MEDIUM | - | 0 |
| CVE-2025-29033 An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter. | 7.3 | HIGH | - | 0 |
| CVE-2025-29036 An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. | 5.9 | MEDIUM | - | 0 |
| CVE-2025-29049 Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function. | 6.3 | MEDIUM | - | 0 |
| CVE-2025-29070 A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this becau... | 7.5 | HIGH | - | 0 |
| CVE-2025-31550 Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3... | 5.8 | MEDIUM | - | 0 |
| CVE-2022-24816 JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as th... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2025-31889 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a thr... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-3066 Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | - | 0 |
| CVE-2025-3068 Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severit... | 8.8 | HIGH | - | 0 |
| CVE-2025-3069 Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Mediu... | 8.8 | HIGH | - | 0 |
| CVE-2025-3070 Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security s... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-3071 Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a ... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-3072 Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafte... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-3073 Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted H... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-3074 Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 5.4 | MEDIUM | - | 0 |
| CVE-2025-2779 The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions u... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-25060 Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by... | N/A | NONE | - | 0 |
| CVE-2025-27244 AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated att... | N/A | NONE | - | 0 |
| CVE-2025-0415 A remote attacker with web administrator privileges can exploit the device's web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the devi... | N/A | NONE | - | 0 |
| CVE-2025-0676 This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems... | N/A | NONE | - | 0 |
| CVE-2024-13637 The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. T... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-2483 The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'receip_address' parameter in all versions up to, and including, 1.1.0 due to insufficient inp... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-2513 The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization ... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-3063 The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update... | 8.8 | HIGH | - | 0 |
| CVE-2025-3097 The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMac... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-3098 The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and outpu... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-3099 The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-31728 Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | 5.5 | MEDIUM | - | 0 |
| CVE-2025-1805 Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes. | 5.3 | MEDIUM | - | 0 |
| CVE-2025-30090 mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. | 7.2 | HIGH | - | 0 |
| CVE-2025-31723 A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. | 4.3 | MEDIUM | - | 0 |
| CVE-2025-31724 Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users ... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-31725 Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the J... | 5.5 | MEDIUM | - | 0 |
| CVE-2025-31726 Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission... | 5.5 | MEDIUM | - | 0 |
| CVE-2025-31727 Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Re... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-20118 In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... | 6.7 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.