CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-15415 A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of th... | 4.7 | MEDIUM | – | 0 |
| CVE-2025-15416 A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Rem... | 2.4 | LOW | – | 0 |
| CVE-2025-15420 A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. Th... | 7.3 | HIGH | – | 0 |
| CVE-2025-15421 A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the ... | 7.3 | HIGH | – | 0 |
| CVE-2025-15422 A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-14047 The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to ... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-14998 The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's iden... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-15423 A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The at... | 6.3 | MEDIUM | – | 0 |
| CVE-2025-15426 A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted uploa... | 7.3 | HIGH | – | 0 |
| CVE-2025-15436 A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql inje... | 7.3 | HIGH | – | 0 |
| CVE-2025-15428 A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It ... | 8.8 | HIGH | – | 0 |
| CVE-2025-12685 The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack. | 6.5 | MEDIUM | – | 0 |
| CVE-2025-13153 The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role a... | 6.1 | MEDIUM | – | 0 |
| CVE-2025-13456 The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h... | 6.1 | MEDIUM | – | 0 |
| CVE-2025-14072 The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions. | 5.3 | MEDIUM | – | 0 |
| CVE-2025-15429 A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the... | 8.8 | HIGH | – | 0 |
| CVE-2025-15434 A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to laun... | 7.3 | HIGH | – | 0 |
| CVE-2025-15435 A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injecti... | 7.3 | HIGH | – | 0 |
| CVE-2026-0546 A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. Th... | 7.3 | HIGH | – | 0 |
| CVE-2026-0547 A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registrati... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-55374 REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts. | 5.3 | MEDIUM | – | 0 |
| CVE-2025-44013 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launc... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-45286 A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 | MEDIUM | – | 0 |
| CVE-2025-47208 An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then explo... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-52426 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-52430 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | – | 0 |
| CVE-2026-22518 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS. This issue affects X Addons for Elementor: fr... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-53591 A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploi... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-53592 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launc... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-53593 A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modi... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-53596 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-54164 An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to ... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-54165 An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to ... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-54166 An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to ... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-57705 An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can ... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-62857 A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have... | 6.1 | MEDIUM | – | 0 |
| CVE-2025-52871 An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have alrea... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-53594 A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpecte... | N/A | NONE | – | 0 |
| CVE-2025-53597 A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash proce... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-59380 A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read ... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-59381 A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read ... | 4.9 | MEDIUM | – | 0 |
| CVE-2025-59387 An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. ... | N/A | NONE | – | 0 |
| CVE-2025-62852 A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modi... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-67268 gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-67269 An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, th... | 7.5 | HIGH | – | 0 |
| CVE-2025-9110 An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit th... | 7.5 | HIGH | – | 0 |
| CVE-2025-15439 A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulatio... | 6.3 | MEDIUM | – | 0 |
| CVE-2025-34094 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | – | 0 |
| CVE-2025-34122 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | – | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.