Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-20637 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25566 TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a mal... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25288 StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the ... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25286 Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can inp... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25284 HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trig... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-22721 VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative ac... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25437 Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-58344 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allo... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37086 Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploi... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37170 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address fi... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28544 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37166 AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28539 Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-36364 IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-26066 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infini... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0005 In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permi... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-26283 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37171 TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username ... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-48585 In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-48587 In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-25971 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs,... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-41762 An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25326 ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte b... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37164 AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pay... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37165 AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pay... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25240 Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-40312 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicou... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0049 In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution priv... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25660 LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feat... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25597 NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers c... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-25168 Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25665 River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can ... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25252 FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can crea... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25555 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer.... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25683 FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can t... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25667 TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively lo... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-31053 A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple t... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25553 CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed ... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25253 Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Att... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25659 ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 ... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-13044 IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-25169 Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-29066 Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. Thi... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-58341 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allo... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25239 Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buff... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-1757 A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25305 librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the ... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-58340 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allo... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-32072 Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37128 ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversiz... | 6.2 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.