Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-29062 jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser... | 7.5 | HIGH | β | 0 |
| CVE-2026-29073 SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even rea... | 8.8 | HIGH | β | 0 |
| CVE-2026-25180 Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-29074 SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and b... | 7.5 | HIGH | β | 0 |
| CVE-2026-29183 SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when typ... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-2330 An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covere... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-2331 An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem direct... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2830 The WP All Import β Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βfilepathβ parameter in all versions up to, and ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-23925 An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized... | N/A | NONE | β | 0 |
| CVE-2026-20998 Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | N/A | NONE | β | 0 |
| CVE-2026-1468 QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with vic... | N/A | NONE | β | 0 |
| CVE-2024-35644 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Langu... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-28080 Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO PRO: from n/a through 3.0.95... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-28106 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a before 5.4.20. | 4.7 | MEDIUM | β | 0 |
| CVE-2018-25161 Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName... | 8.2 | HIGH | β | 0 |
| CVE-2018-25162 2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upl... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-25163 BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in for... | 8.2 | HIGH | β | 0 |
| CVE-2018-25164 EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send ... | 7.5 | HIGH | β | 0 |
| CVE-2018-25165 Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attack... | 7.1 | HIGH | β | 0 |
| CVE-2018-25166 Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attac... | 8.2 | HIGH | β | 0 |
| CVE-2018-25168 Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attac... | 4.3 | MEDIUM | β | 0 |
| CVE-2018-25169 AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket conne... | 7.5 | HIGH | β | 0 |
| CVE-2018-25170 DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can ... | 8.2 | HIGH | β | 0 |
| CVE-2018-25171 EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET req... | 8.2 | HIGH | β | 0 |
| CVE-2018-25172 Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET... | 8.2 | HIGH | β | 0 |
| CVE-2018-25173 Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET req... | 8.2 | HIGH | β | 0 |
| CVE-2018-25174 ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft... | 5.3 | MEDIUM | β | 0 |
| CVE-2018-25175 Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Atta... | 8.2 | HIGH | β | 0 |
| CVE-2018-25176 Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search en... | 8.2 | HIGH | β | 0 |
| CVE-2026-25181 Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2018-25177 Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers... | 5.3 | MEDIUM | β | 0 |
| CVE-2018-25178 Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests ... | 7.5 | HIGH | β | 0 |
| CVE-2018-25179 Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can ... | 8.2 | HIGH | β | 0 |
| CVE-2018-25180 Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail... | 7.1 | HIGH | β | 0 |
| CVE-2018-25181 Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory trave... | 7.5 | HIGH | β | 0 |
| CVE-2018-25182 Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Atta... | 8.2 | HIGH | β | 0 |
| CVE-2018-25184 Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory t... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25186 Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can c... | 5.3 | MEDIUM | β | 0 |
| CVE-2018-25187 Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db d... | 8.2 | HIGH | β | 0 |
| CVE-2018-25188 Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers... | 8.2 | HIGH | β | 0 |
| CVE-2018-25189 Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit ... | 8.2 | HIGH | β | 0 |
| CVE-2018-25190 Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malic... | 5.3 | MEDIUM | β | 0 |
| CVE-2018-25191 Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attacker... | 7.1 | HIGH | β | 0 |
| CVE-2018-25192 GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can subm... | 8.2 | HIGH | β | 0 |
| CVE-2018-25193 Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connec... | 7.5 | HIGH | β | 0 |
| CVE-2018-25194 Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can se... | 8.2 | HIGH | β | 0 |
| CVE-2018-25196 ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST ... | 8.2 | HIGH | β | 0 |
| CVE-2018-25197 PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can se... | 8.2 | HIGH | β | 0 |
| CVE-2018-25199 OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inj... | 8.2 | HIGH | β | 0 |
| CVE-2026-22457 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue ... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.