Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-0534 A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A mali... | 7.1 | HIGH | — | 0 |
| CVE-2025-69102 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: ... | 7.1 | HIGH | — | 0 |
| CVE-2025-30631 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builde... | 7.1 | HIGH | — | 0 |
| CVE-2021-47872 SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' paramet... | 7.1 | HIGH | — | 0 |
| CVE-2025-68894 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a throug... | 7.1 | HIGH | — | 0 |
| CVE-2025-68883 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2025-69384 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects T... | 7.1 | HIGH | — | 0 |
| CVE-2025-68012 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/... | 7.1 | HIGH | — | 0 |
| CVE-2025-68884 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Re... | 7.1 | HIGH | — | 0 |
| CVE-2025-68010 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63. | 7.1 | HIGH | — | 0 |
| CVE-2025-68846 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affec... | 7.1 | HIGH | — | 0 |
| CVE-2025-68011 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2025-68891 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a thr... | 7.1 | HIGH | — | 0 |
| CVE-2025-68835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.3... | 7.1 | HIGH | — | 0 |
| CVE-2026-23547 Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS... | 7.1 | HIGH | — | 0 |
| CVE-2025-68873 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2025-68874 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor... | 7.1 | HIGH | — | 0 |
| CVE-2025-68887 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows ... | 7.1 | HIGH | — | 0 |
| CVE-2025-68889 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS.This issue affects Pinpoll: from n/a through <= 4.0.0... | 7.1 | HIGH | — | 0 |
| CVE-2025-68479 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. T... | 7.1 | HIGH | — | 0 |
| CVE-2025-59137 Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5. | 7.1 | HIGH | — | 0 |
| CVE-2025-49346 Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simple Archive Generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through 5.2. | 7.1 | HIGH | — | 0 |
| CVE-2025-15069 Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1 | 7.1 | HIGH | — | 0 |
| CVE-2026-23986 Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe fe... | 7.1 | HIGH | — | 0 |
| CVE-2026-23976 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula... | 7.1 | HIGH | — | 0 |
| CVE-2020-36947 LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnera... | 7.1 | HIGH | — | 0 |
| CVE-2025-23608 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV allows Reflected XSS.This issue affects LIVE TV: from n/a through 1.... | 7.1 | HIGH | — | 0 |
| CVE-2025-15396 The Library Viewer WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used a... | 7.1 | HIGH | — | 0 |
| CVE-2026-24046 Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with ac... | 7.1 | HIGH | — | 0 |
| CVE-2025-68069 Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. | 7.1 | HIGH | — | 0 |
| CVE-2025-49342 Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang Häfelinger Custom Style allows Stored XSS.This issue affects Custom Style: from n/a through 1.0. | 7.1 | HIGH | — | 0 |
| CVE-2025-68843 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordP... | 7.1 | HIGH | — | 0 |
| CVE-2026-23843 teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct O... | 7.1 | HIGH | — | 0 |
| CVE-2026-22249 Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/sr... | 7.1 | HIGH | — | 0 |
| CVE-2025-64769 The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middl... | 7.1 | HIGH | — | 0 |
| CVE-2025-49343 Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS.This issue affects Social Profilr: from n/a through 1.0. | 7.1 | HIGH | — | 0 |
| CVE-2025-49344 Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through 1.4.1. | 7.1 | HIGH | — | 0 |
| CVE-2026-21687 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | — | 0 |
| CVE-2026-21686 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | — | 0 |
| CVE-2026-21685 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | — | 0 |
| CVE-2026-21684 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | — | 0 |
| CVE-2026-21681 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | — | 0 |
| CVE-2026-24410 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | — | 0 |
| CVE-2025-69220 LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker wi... | 7.1 | HIGH | — | 0 |
| CVE-2025-49345 Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2. | 7.1 | HIGH | — | 0 |
| CVE-2026-24409 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | — | 0 |
| CVE-2025-23667 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill allows Reflected XSS.This issue affects custom-post-edit: from n/a through 1... | 7.1 | HIGH | — | 0 |
| CVE-2025-23705 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery allows Reflected XSS.This issue affects Zielke Design P... | 7.1 | HIGH | — | 0 |
| CVE-2025-23707 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matamko En Masse allows Reflected XSS.This issue affects En Masse: from n/a through 1.0. | 7.1 | HIGH | — | 0 |
| CVE-2025-23719 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a th... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.