Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-41084 Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG ... | N/A | NONE | β | 0 |
| CVE-2025-14369 dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, al... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-40644 Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using ... | N/A | NONE | β | 0 |
| CVE-2025-40679 HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting... | N/A | NONE | β | 0 |
| CVE-2025-41024 Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-41025 Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36556 A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code ex... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-44000 A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript co... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-46270 A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-53516 A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-53707 A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-53854 A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript c... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-53912 An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker ca... | 9.6 | CRITICAL | β | 0 |
| CVE-2025-54157 A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54495 A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript c... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54778 A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript cod... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54814 A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javas... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54817 A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code e... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54852 A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript co... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54853 A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-54861 A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript c... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-55071 A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58093 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58094 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58095 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0548 The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the `delete_existing_user_photo` functi... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-0554 The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, an... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0608 The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0690 The FlatPM β Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rank_math_description' custom field in all versions up to, and including, 3.... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0726 The Nexter Extension β Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'n... | 8.1 | HIGH | β | 0 |
| CVE-2025-36397 IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36408 IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-36409 IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36410 IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. | 3.1 | LOW | β | 0 |
| CVE-2025-36411 IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 3.5 | LOW | β | 0 |
| CVE-2025-36418 IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersona... | 7.3 | HIGH | β | 0 |
| CVE-2025-36419 IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-56353 In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker c... | 7.5 | HIGH | β | 0 |
| CVE-2025-64087 A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-55423 A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passe... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65482 An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67824 The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-33228 NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if... | 7.3 | HIGH | β | 0 |
| CVE-2025-33229 NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Moni... | 7.3 | HIGH | β | 0 |
| CVE-2025-33230 NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A succes... | 7.3 | HIGH | β | 0 |
| CVE-2019-25610 NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attacke... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22429 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Verdure verdure allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2026-27952 Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sand... | 8.8 | HIGH | β | 0 |
| CVE-2026-27954 Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.p... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-27959 Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of the HTTP Host header, extracting everything before th... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.