CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-67949 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS. This issue affects Hostiko: from n/a through <... | 7.1 | HIGH | — | 0 |
| CVE-2025-67947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS. This issue affects AdFore... | 7.1 | HIGH | — | 0 |
| CVE-2025-69054 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS. This issue affects Super... | 7.1 | HIGH | — | 0 |
| CVE-2025-68004 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS. This issue affects My Post Order: fr... | 7.1 | HIGH | — | 0 |
| CVE-2025-68871 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS. This issue affects Dooodl: from n/a through <= 2.3... | 7.1 | HIGH | — | 0 |
| CVE-2025-68883 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS. This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2025-69053 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS. This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2026-21939 Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon ... | 7.0 | HIGH | — | 0 |
| CVE-2026-21417 Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vul... | 7.0 | HIGH | — | 0 |
| CVE-2025-13917 WSS Agent, prior to 9.8.5, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevate... | 7.0 | HIGH | — | 0 |
| CVE-2026-21219 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-68119 Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom do... | 7.0 | HIGH | — | 0 |
| CVE-2026-20836 Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20808 Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-20801 In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interact... | 7.0 | HIGH | — | 0 |
| CVE-2026-21221 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | — | 0 |
| CVE-2026-20814 Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20815 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | — | 0 |
| CVE-2026-20830 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | — | 0 |
| CVE-2026-20842 Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20863 Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20869 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-20943 Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-61037 A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. Th... | 7.0 | HIGH | — | 0 |
| CVE-2025-20779 In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interactio... | 7.0 | HIGH | — | 0 |
| CVE-2026-23191 In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the str... | 7.0 | HIGH | — | 0 |
| CVE-2025-71203 In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the sysc... | 7.0 | HIGH | — | 0 |
| CVE-2026-25087 Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-b... | 7.0 | HIGH | — | 0 |
| CVE-2026-20617 A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may ... | 7.0 | HIGH | — | 0 |
| CVE-2025-71221 In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free w... | 7.0 | HIGH | — | 0 |
| CVE-2026-26157 A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wri... | 7.0 | HIGH | — | 0 |
| CVE-2026-2516 A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled sea... | 7.0 | HIGH | — | 0 |
| CVE-2026-24051 OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The res... | 7.0 | HIGH | — | 0 |
| CVE-2026-21241 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-26158 A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or s... | 7.0 | HIGH | — | 0 |
| CVE-2026-2538 A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled... | 7.0 | HIGH | — | 0 |
| CVE-2026-21242 Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-21234 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-21508 Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-2542 A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipula... | 7.0 | HIGH | — | 0 |
| CVE-2026-21253 Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-21237 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-15569 A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search pa... | 7.0 | HIGH | — | 0 |
| CVE-2026-31998 OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attack... | 7.0 | HIGH | — | 0 |
| CVE-2026-32608 Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These... | 7.0 | HIGH | — | 0 |
| CVE-2026-25170 Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-32016 OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploit... | 7.0 | HIGH | — | 0 |
| CVE-2026-4545 A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The at... | 7.0 | HIGH | — | 0 |
| CVE-2026-32611 Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use par... | 7.0 | HIGH | — | 0 |
| CVE-2026-25171 Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.