Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands thr... | 8.8 | HIGH | — | 0 |
| CVE-2025-69328 Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Ma... | 8.8 | HIGH | — | 0 |
| CVE-2025-61973 A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, whic... | 8.8 | HIGH | — | 0 |
| CVE-2026-1329 A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn... | 8.8 | HIGH | — | 0 |
| CVE-2026-1328 A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manip... | 8.8 | HIGH | — | 0 |
| CVE-2026-1324 A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/sessio... | 8.8 | HIGH | — | 0 |
| CVE-2021-47788 WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language inst... | 8.8 | HIGH | — | 0 |
| CVE-2021-47794 ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account ... | 8.8 | HIGH | — | 0 |
| CVE-2026-34955 PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-pa... | 8.8 | HIGH | — | 0 |
| CVE-2021-47888 Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell... | 8.8 | HIGH | — | 0 |
| CVE-2026-24532 Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This i... | 8.8 | HIGH | — | 0 |
| CVE-2026-24534 Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <=... | 8.8 | HIGH | — | 0 |
| CVE-2025-14866 The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary... | 8.8 | HIGH | — | 0 |
| CVE-2026-22273 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access... | 8.8 | HIGH | — | 0 |
| CVE-2026-23492 Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform... | 8.8 | HIGH | — | 0 |
| CVE-2026-0796 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0795 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2025-66177 There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the d... | 8.8 | HIGH | — | 0 |
| CVE-2026-0786 ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud... | 8.8 | HIGH | — | 0 |
| CVE-2026-0785 ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud... | 8.8 | HIGH | — | 0 |
| CVE-2026-0784 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0783 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0782 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0781 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0780 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ... | 8.8 | HIGH | — | 0 |
| CVE-2026-0779 ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Au... | 8.8 | HIGH | — | 0 |
| CVE-2025-66428 An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. | 8.8 | HIGH | — | 0 |
| CVE-2026-22822 External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the `getSecre... | 8.8 | HIGH | — | 0 |
| CVE-2026-24380 Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: ... | 8.8 | HIGH | — | 0 |
| CVE-2026-22807 vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolu... | 8.8 | HIGH | — | 0 |
| CVE-2026-24368 Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | 8.8 | HIGH | — | 0 |
| CVE-2026-24367 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a thro... | 8.8 | HIGH | — | 0 |
| CVE-2026-24358 Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And S... | 8.8 | HIGH | — | 0 |
| CVE-2026-24356 Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0. | 8.8 | HIGH | — | 0 |
| CVE-2020-36969 M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /ap... | 8.8 | HIGH | — | 0 |
| CVE-2026-23974 Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5. | 8.8 | HIGH | — | 0 |
| CVE-2026-22481 Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This iss... | 8.8 | HIGH | — | 0 |
| CVE-2026-22472 Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: ... | 8.8 | HIGH | — | 0 |
| CVE-2025-13774 A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. | 8.8 | HIGH | — | 0 |
| CVE-2026-0492 SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could ... | 8.8 | HIGH | — | 0 |
| CVE-2025-69183 Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through... | 8.8 | HIGH | — | 0 |
| CVE-2025-69182 Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4... | 8.8 | HIGH | — | 0 |
| CVE-2021-47852 Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the Rocks... | 8.8 | HIGH | — | 0 |
| CVE-2025-69180 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra P... | 8.8 | HIGH | — | 0 |
| CVE-2025-69099 Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through <= 5.7.5. | 8.8 | HIGH | — | 0 |
| CVE-2022-50936 WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the... | 8.8 | HIGH | — | 0 |
| CVE-2025-14386 The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the ... | 8.8 | HIGH | — | 0 |
| CVE-2022-50898 NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary... | 8.8 | HIGH | — | 0 |
| CVE-2026-23950 node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system... | 8.8 | HIGH | — | 0 |
| CVE-2025-69293 Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.