Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-25534 Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2018-25182 Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Atta... | 8.2 | HIGH | — | 0 |
| CVE-2019-25535 Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can... | 8.2 | HIGH | — | 0 |
| CVE-2019-25684 OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GE... | 8.2 | HIGH | — | 0 |
| CVE-2019-25537 Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parame... | 8.2 | HIGH | — | 0 |
| CVE-2019-25538 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send cr... | 8.2 | HIGH | — | 0 |
| CVE-2026-40163 Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to cre... | 8.2 | HIGH | — | 0 |
| CVE-2026-32138 NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Fo... | 8.2 | HIGH | — | 0 |
| CVE-2026-22171 OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensio... | 8.2 | HIGH | — | 0 |
| CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can se... | 8.2 | HIGH | — | 0 |
| CVE-2023-54359 WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid'... | 8.2 | HIGH | — | 0 |
| CVE-2026-34042 act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can conne... | 8.2 | HIGH | — | 0 |
| CVE-2026-5208 Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names | 8.2 | HIGH | — | 0 |
| CVE-2018-25209 OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can subm... | 8.2 | HIGH | — | 0 |
| CVE-2018-25203 Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers ca... | 8.2 | HIGH | — | 0 |
| CVE-2026-39429 kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and ... | 8.2 | HIGH | — | 0 |
| CVE-2018-25179 Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can ... | 8.2 | HIGH | — | 0 |
| CVE-2025-25210 Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary wit... | 8.2 | HIGH | — | 0 |
| CVE-2025-14844 The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_car... | 8.2 | HIGH | — | 0 |
| CVE-2019-25489 Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET ... | 8.2 | HIGH | — | 0 |
| CVE-2026-28416 Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP r... | 8.2 | HIGH | — | 0 |
| CVE-2026-27179 MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] paramet... | 8.2 | HIGH | — | 0 |
| CVE-2020-37151 phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolea... | 8.2 | HIGH | — | 0 |
| CVE-2026-26723 Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter. | 8.2 | HIGH | — | 0 |
| CVE-2020-37006 berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a craf... | 8.2 | HIGH | — | 0 |
| CVE-2026-24790 The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication. | 8.2 | HIGH | — | 0 |
| CVE-2020-36972 SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically te... | 8.2 | HIGH | — | 0 |
| CVE-2025-69043 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy... | 8.2 | HIGH | — | 0 |
| CVE-2020-37076 Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability ... | 8.2 | HIGH | — | 0 |
| CVE-2020-36999 Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25490 Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET reques... | 8.2 | HIGH | — | 0 |
| CVE-2025-69040 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres... | 8.2 | HIGH | — | 0 |
| CVE-2026-24708 An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may... | 8.2 | HIGH | — | 0 |
| CVE-2020-37141 AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/mail... | 8.2 | HIGH | — | 0 |
| CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can expl... | 8.2 | HIGH | — | 0 |
| CVE-2026-28562 wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers ... | 8.2 | HIGH | — | 0 |
| CVE-2020-37163 QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject U... | 8.2 | HIGH | — | 0 |
| CVE-2019-25325 Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25492 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET reque... | 8.2 | HIGH | — | 0 |
| CVE-2025-37168 Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unau... | 8.2 | HIGH | — | 0 |
| CVE-2025-70298 GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function. | 8.2 | HIGH | — | 0 |
| CVE-2019-25491 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requ... | 8.2 | HIGH | — | 0 |
| CVE-2026-22022 Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict ... | 8.2 | HIGH | — | 0 |
| CVE-2025-69042 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo... | 8.2 | HIGH | — | 0 |
| CVE-2020-36945 WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inje... | 8.2 | HIGH | — | 0 |
| CVE-2021-47902 Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious S... | 8.2 | HIGH | — | 0 |
| CVE-2020-37110 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulne... | 8.2 | HIGH | — | 0 |
| CVE-2026-34725 DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML... | 8.2 | HIGH | — | 0 |
| CVE-2024-44250 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated priv... | 8.2 | HIGH | — | 0 |
| CVE-2026-27700 Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Ba... | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.