CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-55085 GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-42241 An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php. | 3.8 | LOW | β | 0 |
| CVE-2024-55451 A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded ... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-55452 A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-12239 The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-11993 Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML vi... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-55056 A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field. | 5.4 | MEDIUM | β | 0 |
| CVE-2024-55057 Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts. | 5.4 | MEDIUM | β | 0 |
| CVE-2024-55058 An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-55059 A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-1419 Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 v... | N/A | NONE | β | 0 |
| CVE-2024-56169 A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employe... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-56170 A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, ... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-11614 An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio... | N/A | NONE | β | 0 |
| CVE-2024-55086 In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | 7.2 | HIGH | β | 0 |
| CVE-2024-55088 GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. | 8.8 | HIGH | β | 0 |
| CVE-2024-36694 OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | 7.2 | HIGH | β | 0 |
| CVE-2025-25958 Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-25960 Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-25676 Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-25678 Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-25679 Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. | 8.0 | HIGH | β | 0 |
| CVE-2025-1543 A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulati... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-1548 A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argumen... | 3.5 | LOW | β | 0 |
| CVE-2025-25505 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-25507 There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-25510 Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-25765 MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do. | 4.0 | MEDIUM | β | 0 |
| CVE-2025-25766 An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | 4.8 | MEDIUM | β | 0 |
| CVE-2025-25875 A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data. | 6.4 | MEDIUM | β | 0 |
| CVE-2025-25876 A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data. | 7.2 | HIGH | β | 0 |
| CVE-2025-25877 A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data. | 3.8 | LOW | β | 0 |
| CVE-2025-25878 A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data. | 3.8 | LOW | β | 0 |
| CVE-2020-19248 SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, t... | 5.1 | MEDIUM | β | 0 |
| CVE-2025-25604 Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-25605 Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-25768 MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-25769 Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java. | 8.0 | HIGH | β | 0 |
| CVE-2025-25770 Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java. | 6.8 | MEDIUM | β | 0 |
| CVE-2025-26622 vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating fi... | 7.5 | HIGH | β | 0 |
| CVE-2025-27104 vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multi... | 7.5 | HIGH | β | 0 |
| CVE-2025-27105 vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an acce... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-1488 The WPO365 \| MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url suppli... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-25192 GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-27135 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sen... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22211 A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management a... | 3.4 | LOW | β | 0 |
| CVE-2025-25514 Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-25515 Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database. | 8.8 | HIGH | β | 0 |
| CVE-2025-25516 Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-25517 Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.