CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2025-57799 | StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct mali... | N/A | NONE | No | 0 |
| CVE-2025-9786 | A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results... | 7.3 | HIGH | No | 0 |
| CVE-2025-9375 | XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. | N/A | NONE | No | 0 |
| CVE-2025-9788 | A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing ma... | 7.3 | HIGH | No | 0 |
| CVE-2025-52551 | E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. | N/A | NONE | No | 0 |
| CVE-2025-9791 | A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based b... | 8.8 | HIGH | No | 0 |
| CVE-2025-9792 | A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the... | 7.3 | HIGH | No | 0 |
| CVE-2025-9793 | A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation o... | 7.3 | HIGH | No | 0 |
| CVE-2025-9794 | A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the arg... | 7.3 | HIGH | No | 0 |
| CVE-2025-9795 | A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipu... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-36904 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-43707 | An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the ... | 7.7 | HIGH | No | 0 |
| CVE-2024-43710 | A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying req... | 4.3 | MEDIUM | No | 0 |
| CVE-2024-52972 | An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access ... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-43708 | An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with re... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-52325 | ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. | 9.6 | CRITICAL | No | 0 |
| CVE-2024-11147 | ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. | 7.6 | HIGH | No | 0 |
| CVE-2024-12078 | ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. | 6.3 | MEDIUM | No | 0 |
| CVE-2024-12079 | ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. | 3.3 | LOW | No | 0 |
| CVE-2024-39750 | IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the syste... | 8.8 | HIGH | No | 0 |
| CVE-2024-52327 | The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. | 6.5 | MEDIUM | No | 0 |
| CVE-2024-52328 | ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that u... | 2.3 | LOW | No | 0 |
| CVE-2024-52329 | ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens. | 7.4 | HIGH | No | 0 |
| CVE-2024-52330 | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. | 7.4 | HIGH | No | 0 |
| CVE-2024-52331 | ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and instal... | 7.5 | HIGH | No | 0 |
| CVE-2025-23012 | Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was release... | 7.5 | HIGH | No | 0 |
| CVE-2025-0693 | Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account. | 5.3 | MEDIUM | No | 0 |
| CVE-2024-41757 | IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t... | 5.9 | MEDIUM | No | 0 |
| CVE-2025-0698 | A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. Th... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-0699 | A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-0700 | A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/s... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-0701 | A vulnerability classified as critical has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This affects an unknown part of the file /admin/sys/user/list. The manipulat... | 6.3 | MEDIUM | No | 0 |
| CVE-2024-35122 | IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint w... | 2.8 | LOW | No | 0 |
| CVE-2025-0742 | An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by other users by changing the "FILE_ID" o... | 5.8 | MEDIUM | No | 0 |
| CVE-2025-0702 | A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/contr... | 6.3 | MEDIUM | No | 0 |
| CVE-2025-0703 | A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/ma... | 4.3 | MEDIUM | No | 0 |
| CVE-2025-0704 | A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/githu... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-0705 | A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src... | 4.3 | MEDIUM | No | 0 |
| CVE-2025-0706 | A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sy... | 2.4 | LOW | No | 0 |
| CVE-2025-49728 | Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | 4.0 | MEDIUM | No | 0 |
| CVE-2024-10628 | The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including,... | 7.5 | HIGH | No | 0 |
| CVE-2025-0720 | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rts... | 3.3 | LOW | No | 0 |
| CVE-2024-22316 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | 4.3 | MEDIUM | No | 0 |
| CVE-2024-0135 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability ... | 7.6 | HIGH | No | 0 |
| CVE-2024-0136 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulne... | 7.6 | HIGH | No | 0 |
| CVE-2024-0137 | NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability... | 5.5 | MEDIUM | No | 0 |
| CVE-2025-0797 | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quar... | 3.3 | LOW | No | 0 |
| CVE-2025-0798 | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Han... | 8.1 | HIGH | No | 0 |
| CVE-2024-41140 | Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | 8.1 | HIGH | No | 0 |
| CVE-2025-0851 | A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. | 9.8 | CRITICAL | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.