CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-47745 Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit t... | 8.8 | HIGH | β | 0 |
| CVE-2021-47747 meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters... | 8.8 | HIGH | β | 0 |
| CVE-2025-15393 A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API ... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-15394 A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument confi... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-34468 libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-7331 A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-7332 PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server d... | N/A | NONE | β | 0 |
| CVE-2025-15398 A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Su... | 3.7 | LOW | β | 0 |
| CVE-2025-34469 Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these comm... | 7.5 | HIGH | β | 0 |
| CVE-2025-68700 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on ... | 8.8 | HIGH | β | 0 |
| CVE-2025-69286 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth)... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22199 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22200 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22201 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22202 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-69288 Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a Node... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-67703 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-67704 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-67705 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-67708 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-67709 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-22203 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-67710 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-67711 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contai... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-69412 KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is ... | 3.4 | LOW | β | 0 |
| CVE-2025-22154 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22155 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22180 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22181 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22182 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22183 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22184 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22185 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22186 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22187 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22188 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22189 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22190 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22191 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22192 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22193 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22194 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22195 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-22196 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | β | 0 |
| CVE-2025-11157 A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/k... | N/A | NONE | β | 0 |
| CVE-2026-0544 A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql inject... | 7.3 | HIGH | β | 0 |
| CVE-2025-15404 A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument File... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-15405 A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14428 The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.