CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-54163 NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code thr... | 7.5 | HIGH | - | 0 |
| CVE-2023-54327 Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit th... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-58315 Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the ... | 7.8 | HIGH | - | 0 |
| CVE-2024-58336 Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-58337 Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulne... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-15271 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fon... | N/A | NONE | - | 0 |
| CVE-2024-58338 Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-11961 pcap_ether_aton() is an auxiliary function in libpcap; it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the sup... | 1.9 | LOW | - | 0 |
| CVE-2025-11964 On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyo... | 1.9 | LOW | - | 0 |
| CVE-2025-15371 A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation w... | 7.8 | HIGH | - | 0 |
| CVE-2025-68131 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reu... | 7.5 | HIGH | - | 0 |
| CVE-2025-15372 A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. T... | 2.4 | LOW | - | 0 |
| CVE-2025-15373 A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It ... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-13029 The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users. | 7.5 | HIGH | - | 0 |
| CVE-2025-14434 The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX "load more" endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed a... | 5.3 | MEDIUM | - | 0 |
| CVE-2025-69277 libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is ... | 4.5 | MEDIUM | - | 0 |
| CVE-2025-14783 The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied v... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-15269 FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interac... | N/A | NONE | - | 0 |
| CVE-2025-15270 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fon... | N/A | NONE | - | 0 |
| CVE-2025-15272 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. ... | N/A | NONE | - | 0 |
| CVE-2025-15273 FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge.... | N/A | NONE | - | 0 |
| CVE-2025-15274 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. ... | N/A | NONE | - | 0 |
| CVE-2025-15275 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. ... | N/A | NONE | - | 0 |
| CVE-2025-15276 FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Font... | N/A | NONE | - | 0 |
| CVE-2025-15277 FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Font... | N/A | NONE | - | 0 |
| CVE-2025-15278 FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. Use... | N/A | NONE | - | 0 |
| CVE-2025-15279 FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Font... | N/A | NONE | - | 0 |
| CVE-2025-15280 FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interac... | N/A | NONE | - | 0 |
| CVE-2025-15017 A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface... | N/A | NONE | - | 0 |
| CVE-2025-1977 The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized c... | N/A | NONE | - | 0 |
| CVE-2025-2026 The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device's web API. This may lead ... | N/A | NONE | - | 0 |
| CVE-2025-15387 VPN Firewall developed by QNO Technology has an Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subseq... | 8.8 | HIGH | - | 0 |
| CVE-2025-15388 VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 8.8 | HIGH | - | 0 |
| CVE-2025-15389 VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 8.8 | HIGH | - | 0 |
| CVE-2020-36904 Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter.... | 7.5 | HIGH | - | 0 |
| CVE-2025-61037 A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. Th... | 7.0 | HIGH | - | 0 |
| CVE-2025-64699 An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with ... | 7.8 | HIGH | - | 0 |
| CVE-2019-25262 A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Messa... | 3.5 | LOW | - | 0 |
| CVE-2025-15391 A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be i... | 6.3 | MEDIUM | - | 0 |
| CVE-2025-15392 A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Exec... | 6.3 | MEDIUM | - | 0 |
| CVE-2020-36903 Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attacker... | 8.4 | HIGH | - | 0 |
| CVE-2025-22197 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | - | 0 |
| CVE-2025-22198 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | - | 0 |
| CVE-2021-47725 STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidat... | 5.4 | MEDIUM | - | 0 |
| CVE-2021-47726 NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attacke... | 7.5 | HIGH | - | 0 |
| CVE-2021-47740 KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session han... | 7.5 | HIGH | - | 0 |
| CVE-2021-47741 ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attacker... | 7.5 | HIGH | - | 0 |
| CVE-2021-47742 Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage t... | 8.8 | HIGH | - | 0 |
| CVE-2021-47743 COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject mal... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.