CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-54322 In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default filter_irq_stacks() is supposed to cut entries which are related ir... | N/A | NONE | - | 0 |
| CVE-2023-54323 In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxl_pci; modprobe -r cxl_pci; done ...fa... | N/A | NONE | - | 0 |
| CVE-2025-15249 A weakness has been identified in zhujunliang3 work_platform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipul... | 3.5 | LOW | - | 0 |
| CVE-2023-54325 In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data... | N/A | NONE | - | 0 |
| CVE-2023-54326 In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the d... | N/A | NONE | - | 0 |
| CVE-2024-58242 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | N/A | NONE | - | 0 |
| CVE-2024-58243 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | N/A | NONE | - | 0 |
| CVE-2024-58244 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | N/A | NONE | - | 0 |
| CVE-2024-58245 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | N/A | NONE | - | 0 |
| CVE-2024-58246 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | N/A | NONE | - | 0 |
| CVE-2024-58247 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | N/A | NONE | - | 0 |
| CVE-2025-14426 The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-15248 A security flaw has been discovered in sunhailin12315 product-review 商品评价系统 up to 91ead6890b4065bb45b7602d0d73348e75cb4639. This affects an unknown part of the component Write a Review. Performing man... | 3.5 | LOW | - | 0 |
| CVE-2025-15252 A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/g... | 8.8 | HIGH | - | 0 |
| CVE-2025-15253 A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based b... | 8.8 | HIGH | - | 0 |
| CVE-2025-61557 nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal. | 7.5 | HIGH | - | 0 |
| CVE-2025-15256 A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manip... | 7.3 | HIGH | - | 0 |
| CVE-2025-65925 An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unver... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-15353 A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument U... | 7.3 | HIGH | - | 0 |
| CVE-2025-66848 JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-68618 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.... | 5.3 | MEDIUM | - | 0 |
| CVE-2025-68926 RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly e... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-68950 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a s... | 4.0 | MEDIUM | - | 0 |
| CVE-2025-69204 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attribute... | 5.3 | MEDIUM | - | 0 |
| CVE-2025-56332 Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration | 9.1 | CRITICAL | - | 0 |
| CVE-2025-65409 A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password. | 7.5 | HIGH | - | 0 |
| CVE-2025-65411 A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter. | 7.5 | HIGH | - | 0 |
| CVE-2025-15264 A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can ... | 7.3 | HIGH | - | 0 |
| CVE-2025-66824 A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via t... | 8.7 | HIGH | - | 0 |
| CVE-2025-66834 A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name. | 7.3 | HIGH | - | 0 |
| CVE-2025-66835 TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context. | 7.1 | HIGH | - | 0 |
| CVE-2025-53414 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | - | 0 |
| CVE-2025-15354 A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can l... | 7.3 | HIGH | - | 0 |
| CVE-2025-50343 An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-66823 An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload ... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-69257 theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from... | 6.7 | MEDIUM | - | 0 |
| CVE-2025-14986 When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather... | N/A | NONE | - | 0 |
| CVE-2025-14987 When system.enableCrossNamespaceCommands is enabled (on by default), the Temporal server permits certain workflow task commands (e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, Requ... | N/A | NONE | - | 0 |
| CVE-2025-15356 A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerS... | 8.8 | HIGH | - | 0 |
| CVE-2025-15357 A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The at... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-66723 inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths. | 7.5 | HIGH | - | 0 |
| CVE-2025-15360 A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product In... | 4.7 | MEDIUM | - | 0 |
| CVE-2022-50691 MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploi... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arb... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-50695 SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can... | 7.5 | HIGH | - | 0 |
| CVE-2022-50696 SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these st... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers ... | 7.2 | HIGH | - | 0 |
| CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directo... | 7.5 | HIGH | - | 0 |
| CVE-2022-50789 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenti... | 7.8 | HIGH | - | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.