Vulnerabilidades CVE

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before...

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 1.6.3. This is due to the action...

Tanium addressed an information disclosure vulnerability in Threat Response.

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type vali...

Tanium addressed an information disclosure vulnerability in Threat Response.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged atta...

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch ...

October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (...

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit...

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allo...

The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `fi...

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use p...

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../)...

Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a ...

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) with...

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Ad...

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping o...

The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient esc...

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.  Note: Software versions which have reached End of Technical Support (EoTS)...

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration...

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and in...

Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through <= 2.4.7.

October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. ...

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit t...

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox ...

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary file...

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debu...

Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations...

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before ve...

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is ...

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne...

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al...

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerabili...

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pri...

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists ...

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts th...

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne...

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading a...

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug...

A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an intern...

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions ...

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `action_exportCustom` function in `modules/ModuleBuild...

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expr...

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM...

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal ...