Vulnerabilidades CVE

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() wi...

A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac ...

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injecti...

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to...

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanit...

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (succes...

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through < 7.7.6.

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users ...

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives...

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privile...

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function in all versions up to, and inc...

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interp...

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input...

The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to...

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The EN_tyid POST ...

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a throu...

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the Save...

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the '...

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through...

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulat...

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2  and Archer AXE75 v1.0. Successful exploitation could allow a...

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals withou...

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. ...

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACE_NAME pa...

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginRunDatabaseScript.json.php` endpoint accepts a `name` parameter via POST and passes it to `Plugin...

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 through 2.63.1, the hook system in File Browser — wh...

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The...

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires...

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acces...

Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. Wh...

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMT...

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selec...

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability ...

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability...

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can byp...

Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documen...

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perf...

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (statu...

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send...

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attack...

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only acce...

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves,...

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes ...

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRun...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Li...

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who ca...

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Subscribe::save()` method in `objects/subscribe.php` concatenates the `$this->users_id` property directly into ...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Se...

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET ...