Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-20625 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An ap... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23442 In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU <... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32212 Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23369 In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25606 Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can c... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25229 BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string.... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27258 DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31492 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp completion before using it In irdma_create_qp, if ib_copy_to_udata fails, it will call irdma_destro... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25230 Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can pas... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31624 In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a val... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21340 Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sen... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33787 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local atta... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25559 SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attacke... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33786 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33205 calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoin... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32810 Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23370 In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contai... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37140 Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can g... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-39392 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the htm... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-66484 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31522 In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory leak in magicmouse_report_fixup() The magicmouse_report_fixup() function was returning a newly kmemd... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31524 In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-all... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23368 In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33905 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an sp... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5475 A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31529 In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __construct_region() Failing the first sysfs_update_group() needs to explicitly kfree the resource as i... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20624 An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33776 A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privile... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32081 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32084 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23353 In the Linux kernel, the following vulnerability has been resolved: ice: fix crash in ethtool offline loopback test Since the conversion of ice to page pool, the ethtool loopback test crashes: BUG... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31599 In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20608 This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing mali... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password cha... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23416 In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in curr_end, and then upon iterating t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20602 The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to cause a denial-of-service. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32181 Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43537 A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to mod... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43417 A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48651 In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33103 Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31604 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-34218 ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23339 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the -... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25658 a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can pas... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23335 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id;... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31606 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev,... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31487 In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is ca... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31517 In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly In iptfs_reassem_cont(), IP-TFS attempts to append data to th... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.