Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-20778 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 7.8 | HIGH | β | 0 |
| CVE-2025-20779 In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interactio... | 7.0 | HIGH | β | 0 |
| CVE-2025-20780 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 7.8 | HIGH | β | 0 |
| CVE-2025-20781 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 7.8 | HIGH | β | 0 |
| CVE-2025-20787 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20782 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20783 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20784 In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User inter... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20785 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20786 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20795 In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U... | 7.8 | HIGH | β | 0 |
| CVE-2025-20796 In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. Us... | 7.8 | HIGH | β | 0 |
| CVE-2025-20797 In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 7.8 | HIGH | β | 0 |
| CVE-2025-20798 In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 7.8 | HIGH | β | 0 |
| CVE-2025-20799 In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction ... | 7.8 | HIGH | β | 0 |
| CVE-2025-20800 In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 7.8 | HIGH | β | 0 |
| CVE-2025-20801 In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interact... | 7.0 | HIGH | β | 0 |
| CVE-2025-20802 In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interac... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20803 In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interact... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20804 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20805 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-11723 The Appointment Booking Calendar β Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via th... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-20806 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20807 In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User intera... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-21673 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vuln... | 7.8 | HIGH | β | 0 |
| CVE-2026-21674 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This... | 3.3 | LOW | β | 0 |
| CVE-2026-21675 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11370 The Popup and Slider Builder by Depicter β Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-21748 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21749 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21750 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-13409 The Form Vibes β Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on ... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-13652 The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the βorderbyβ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13746 The ForumWP β Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including, 2.1.6 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14034 The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14153 The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insuffi... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13215 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficien... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0604 The FastDup β Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dir_path' parameter in the 'njt-fastdup/v... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21485 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue i... | 8.8 | HIGH | β | 0 |
| CVE-2026-21486 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wrapa... | 7.8 | HIGH | β | 0 |
| CVE-2026-21487 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21676 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks t... | 8.8 | HIGH | β | 0 |
| CVE-2026-21677 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets ... | 8.8 | HIGH | β | 0 |
| CVE-2026-21744 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21745 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21746 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21747 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-14120 The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files.... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14438 The Xagio SEO β AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it p... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.