CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-15180 A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of ... | 7.2 | HIGH | - | 0 |
| CVE-2025-15181 A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation... | 7.3 | HIGH | - | 0 |
| CVE-2025-15182 A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead... | 7.3 | HIGH | - | 0 |
| CVE-2025-15183 A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfi... | 7.3 | HIGH | - | 0 |
| CVE-2025-15184 A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in s... | 7.3 | HIGH | - | 0 |
| CVE-2025-15185 A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the arg... | 7.3 | HIGH | - | 0 |
| CVE-2025-34985 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | - | 0 |
| CVE-2025-15186 A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argume... | 7.3 | HIGH | - | 0 |
| CVE-2025-15189 A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer... | 8.8 | HIGH | - | 0 |
| CVE-2025-15190 A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based... | 8.8 | HIGH | - | 0 |
| CVE-2025-15191 A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_ur... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-57460 File upload vulnerability in machsol machpanel 8.0.32 allows an attacker to gain a webshell. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-15192 A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argu... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-15193 A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in ... | 8.8 | HIGH | - | 0 |
| CVE-2025-57462 Stored cross-site scripting (XSS) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file. | 6.1 | MEDIUM | - | 0 |
| CVE-2025-60458 UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially ca... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-65442 DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies)... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-65570 A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-i... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-68928 Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-68929 Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This ... | 9.0 | CRITICAL | - | 0 |
| CVE-2025-15194 A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-15195 A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument lin... | 7.3 | HIGH | - | 0 |
| CVE-2025-56333 An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-68951 phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administ... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-69200 phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and th... | 7.5 | HIGH | - | 0 |
| CVE-2025-55061 CWE-434 Unrestricted Upload of File with Dangerous Type | 8.8 | HIGH | - | 0 |
| CVE-2025-55062 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | 4.8 | MEDIUM | - | 0 |
| CVE-2025-55063 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | 4.8 | MEDIUM | - | 0 |
| CVE-2025-69206 Hemmelig is a messaging app with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-15196 A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to SQL injection. The atta... | 7.3 | HIGH | - | 0 |
| CVE-2025-15197 A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing man... | 4.7 | MEDIUM | - | 0 |
| CVE-2025-66861 An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | 2.5 | LOW | - | 0 |
| CVE-2025-66862 A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | - | 0 |
| CVE-2025-66863 An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | - | 0 |
| CVE-2025-66864 An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | - | 0 |
| CVE-2025-66865 An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | - | 0 |
| CVE-2025-55064 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | 4.8 | MEDIUM | - | 0 |
| CVE-2025-13592 The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attack... | 7.2 | HIGH | - | 0 |
| CVE-2025-14280 The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unaut... | 5.3 | MEDIUM | - | 0 |
| CVE-2025-15199 A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-15200 A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/so... | 2.4 | LOW | - | 0 |
| CVE-2025-15201 A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This ma... | 3.5 | LOW | - | 0 |
| CVE-2025-67254 NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php. | 7.5 | HIGH | - | 0 |
| CVE-2025-67255 In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability. | 8.8 | HIGH | - | 0 |
| CVE-2025-68706 A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplie... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-25181 A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of... | 9.1 | CRITICAL | - | 0 |
| CVE-2024-30855 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php. | 8.8 | HIGH | - | 0 |
| CVE-2025-15202 A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation ... | 2.4 | LOW | - | 0 |
| CVE-2025-15203 A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation res... | 2.4 | LOW | - | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.